MongoDB Cyber Attack, Customer Data Exposed

MongoDB has skilled a safety incident whereby unauthorized entry to its company programs modified into once known.

Nonetheless, the firm confirmed that there modified into once no proof of entry to any customer’s system logs. MongoDB is currently investigating the incident with authorities and forensic experts.

This incident modified into once found on Saturday (16th December 2023) when there modified into once a suspicious assignment of unauthorized entry to their company programs. It modified into once found later that the unauthorized entry had a longer interval earlier than it modified into once detected.

Incident Response Document

Per the reports shared with Cyber Security Recordsdata, the safety incident consuming this unauthorized entry to their company system included customer story metadata, contact recordsdata, customer names, cell phone numbers, and email addresses.

Nonetheless, no safety vulnerability modified into once known in any MongoDB merchandise as section of this incident. As smartly as to this, the firm also confirmed that the MongoDB Atlas cluster had no proof of unauthorized entry.

MongoDB specified that MongoDB Atlas cluster authentication has a separate system from MongoDB company programs, and there modified into once no proof of compromise on the authentication system.

Login Spike

After the first incident document of this incident, there modified into once a second incident, which acknowledged a high selection of login attempts that resulted in considerations with Atlas and the MongoDB enhance portal.

MongoDB confirmed that this assignment modified into once unrelated to the safety incident and urged their customers to examine out all any other time after a short time.

Investigations are peaceable ongoing, and a complete incident document about this incident has but to be published. Organizations must preserve all their programs updated and patch the entire merchandise precisely to halt these selection of incidents.