In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn’t publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF was allegedly been "contacted multiple times, but ignored all the queries". The exposed data included names, email addresses, genders, spoken language and either a bcrypt password hash or Google auth token. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Accounts breached: 15453048
Breached on: April 01, 2019
Exposed data: Auth tokens, Email addresses, Genders, Names, Passwords, Spoken languages, and Usernames
Added on: September 18, 2019