Lumin PDF

Lumin PDF operates as a cloud-based PDF service, providing users with the ability to work with PDF documents through an online platform. The company’s headquarters are located in New Zealand, establishing its base in the Oceania region. Its primary offering centers on delivering PDF functionality via the internet, eliminating the need for locally installed software. The service is accessed through a web interface, allowing individuals and organizations to manage PDFs from various devices. By focusing on a cloud delivery model, Lumin PDF aims to provide convenient and scalable document handling solutions.

In April 2019, a security breach exposed the personal data of approximately 24.3 million users of Lumin PDF. The incident stemmed from an unprotected MongoDB database that remained accessible on the internet for several months. Exposed data fields included full names, email addresses, gender, locale settings, and either hashed passwords or expired Google access tokens. A small proportion of the passwords were stored using Bcrypt hashing, while the remainder relied on other hashing methods or token representations. After the data was copied, the attacker deployed ransomware that destroyed the database and took the associated server offline. Lumin PDF publicly acknowledged that a portion of user information had been compromised but disputed assertions that active access tokens were leaked. The company clarified that all Google access tokens in the exposed set were already invalid at the time of the breach. Following the disclosure, Lumin PDF stated that the security weaknesses that allowed the database to be left unprotected had been addressed and resolved. The scale of the affected user base indicates that the service had achieved substantial adoption prior to the incident.

The breach highlights Lumin PDF’s specialization in providing cloud‑based PDF tools that emphasize accessibility and ease of use. By operating exclusively as a web‑delivered service, the company distinguishes itself from traditional desktop‑focused PDF software vendors. The incident prompted a review of data protection practices, leading to enhanced database security configurations and monitoring. Locale information among the exposed records suggests that the user base spans multiple geographic regions and language preferences. No details regarding ownership structure, parent companies, or subsidiary relationships are available in the supplied sources. Consequently, any description of the company’s corporate hierarchy remains unspecified based on the current information.