Lumin PDF’s customer database was released on a hacking forum earlier this week. The database was taken down some time after that happened, the person wrote in his post on the hacker forum (see MongoDB Ransomware Compromises Double in a Day). Ransomware attackers often scan the internet for MongoDB instances that have been left open and require no authentication to access.
Data DumpĮfforts to reach Ferguson, a native New Zealander who’s LinkedIn profile says he is a research assistant at Stanford University in California, and NitroLabs, were unsuccessful.Ī few weeks after discovering the database, the person who discovers it says, it was hit with ransomware. He says he reached out to NitroLabs, including its founder and CEO Max Ferguson, on his personal email, but did not receive a response.
#LUMIN PROFESSIONAL PDF#
The person who says he found the data, who asked not to be named, tells Information Security Media Group that his team found a MongoDB database belonging to Lumin PDF accessible online around mid-April.
The published data includes users' full names, Google profiles, email addresses, locales and in some cases, Google access tokens and hashed passwords. Lumin PDF, a product of NitroLabs of New Zealand, is free PDF editing tool that offers tiered subscriptions for more advanced features and storage. See Also: Data Sharing Espionage: A Fraud Discussion Case in point: Lumin PDF, a PDF editing tool, which saw data for much of its user base - about 24.3 million - published in an online forum late Monday. Ignoring a breach disclosure can have ugly consequences.
NitroLabs founder and CEO Max Ferguson gives a presentation on May 11, 2017, in San Francisco.