Security notice: Alleged Lumin data leak

On March 30, 2024 at approximately 12:20 pm GMT+11, we learned of a file alleging to contain email addresses and passwords to Lumin accounts hosted on a private server outside of Lumin.

The file included 66 email addresses. Only 53 of these belong to current Lumin users. Although passwords were in the file, we have been unable to verify these passwords belong to any Lumin customers.

Lumin does not store user passwords. We store a salted hash of your passwords. We have not seen anything to suggest the salt was broken.

No other data related to Lumin was found on the private server, and as far as we know, no accounts have been compromised.

We have been working on introducing two-factor authentication, and are expediting this process to ensure both your security and peace of mind in future.

For now, there are no actions Lumin users need to take. However, this is a good reminder to avoid using the same password for multiple services or websites. Use strong passwords and change them often.

We will continue to investigate the origin of this data and will post an update as soon as we have more information.

If you have been impacted by this, we will notify you within the next 7 days.

Lumin users who have questions or concerns about this incident can contact our security team: [email protected].

Edited April 9 2024 to amend "85 users" to "66 users".