2019/11/18 Information leakage from Lumin PDF

 

In April 2019, information on 15.5 million users was leaked from Lumin PDF, an app that can edit PDF files on Google Drive.

The leaked data includes API access tokens for Google Drive (*1), email addresses, names, passwords, etc.

We have received information that the leaked data includes University accounts.

You can check whether your user information is included in the leaked data on the Have I Been Pwned site.

(*1) Authenticating with an API access token allows access to files without a password or 2-step verification.

 

  • What to do if your email address is included in the leaked data
  1. The API access tokens were forcibly disabled on the Google side on September 18, 2019, but it is presumed that unauthorized access to files on Google Drive was possible between 2019/4 and 2019/9/18. If an event such as information leakage is confirmed, please contact the Information Networks Systems Section.
  2. If you used Lumin PDF only in conjunction with the G Suite for Education account used at the University, there is no need to change your password.
  3. Lumin PDF can also be linked to Dropbox, so if you used it in conjunction with Dropbox, unauthorized access to your files on Dropbox may have been possible.
  4. If you signed up for and used Lumin PDF personally, please change your Lumin PDF password just in case.
  5. In addition, if you signed up for Lumin PDF personally and used the same password for internal services or other services outside the university, you will need to change the password for each of those services.