We stopped updating this site on June 30, 2024. From now on, information on Educational Campus-wide Computing System (ECCS) will be provided at utelecon
The Portal Site of Information Systems @ UTokyo.
User information leakage by Lumin PDF
News
Updated: December 12, 2019
December 12, 2019
Overview
We have been notified that User information of those using Luming PDF was been leaked.
Details
On November 18, 2019 the risk of password leakage concerning the Lumin PDF was reported on Internet news sites. It was found that 68 ECCS Cloud Email addresses have been listed on “the list of Email addresses which have leaked their information” provided by UTokyo CERT - The University of Tokyo Computer Emergency Response Team.
We have contacted those whose email address were on the list.
Leaked data are as follows
- Google Drive API access token
- Email address
- Name
- Password used for Lumin PDF (if set)
- Others
Necessary actions to be taken
It is necessary to take the following actions by the relevant persons.
- The API access token was forcibly revoked by Google on September 18, 2019.
However, it seems that between April 1 and September 18, 2019 it may have been possible to illegally access files on Google Drive. If you suspect that important information may have leaked or that your file was tampered with, please contact the ECCS support team (email: ecc-support@ecc.u-tokyo.ac.jp)
- If you are signing into Lumin PDF using your Google account (ECCS Cloud Email), then there is no risk of password leakage. However, if you have set your own password for Lumin PDF, please change your Lumin PDF password.
- If you are using the same password that was leaked as a password for other services, it will also be necessary for you to change the password of those services as soon as possible.
You can check whether or not your account information has leaked using the following website.
';-have i been pwned?
https://haveibeenpwned.com/
For details, please also refer to the following webpage.
https://haveibeenpwned.com/PwnedWebsites#LuminPDF
Please refer to the following Google Account Help page for more information on how to check and remove Lumin PDF’s access to your Google Drive.
Google Account Help>Third-party sites & apps with access to your account>Remove site or app access
https://support.google.com/accounts/answer/3466521?hl=en
