15.5 Million Records Breached – Disclosed After 5 Months

This post is also available in: עברית (Hebrew)

In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn’t publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. 

The data had been left publicly exposed after which Lumin PDF was allegedly been “contacted multiple times, but ignored all the queries”. 

The exposed data included names, email addresses, genders, spoken language and either a bcrypt password hash or Google auth token. 

Why are you only hearing about this now? Whilst the breach occurred in April, sometimes there can be a lengthy lead time of months or even years before the data is disclosed publicly. 

Have I Been Pwned website suggest 2 Steps to Better Password Security:

Step 1: Protect yourself with strong, unique passwords for each website with the 1Password password manager

Step 2: Enable 2 factor authentication and store the codes inside your 1Password account

You can also run a search for breaches of your email address again at any time to get a complete list of sites where your account has been compromised.