Customer data leaked: MongoDB investigates hacking of its systems

Should we expect the next attack, or will the attackers stop there?

MongoDB, a database software development company, reported unauthorized access to some corporate systems on December 16. The incident resulted in a leak of customer account metadata and contact information (customer names, phone numbers, and email addresses). It is reported that the attack also affected the system logs of only one client, which the company notified about the incident.

The first signs of hacking were detected on December 13, 2023. After detecting abnormal activity, the company immediately started responding to the incident. According to MongoDB, unauthorized access to systems continued for some time before it was detected. The exact time period when the violation occurred is not disclosed. MongoDB did not detect any vulnerability in MongoDB products that could be exploited.

The company also assured that customer data stored in MongoDB Atlas is not affected. This is because access to the MongoDB Atlas cluster is authenticated through a system separate from MongoDB enterprise systems, so the Atlas cluster authentication system was not compromised.

Due to this incident, MongoDB recommends that all customers be vigilant against social engineering attacks and phishing attacks. The company recommends using multi-factor authentication, and also recommends changing passwords for MongoDB Atlas accounts. In addition, the company reported increased activity of login attempts, which causes difficulties for customers when trying to log in to Atlas and the support portal. However, it is clarified that this is not related to the incident.

The metadata disclosed during the attack is important for the administration and management of accounts in the system. It contains information such as account IDs, information about the time when the account was created and last used, the account status (active or blocked), roles and access rights, and contact information.

The metadata does not contain sensitive information, such as passwords or personal data stored in the account, but it can provide attackers with information about the structure and users of the system. MongoDB said that the incident is under active investigation and promised to provide additional information as soon as possible.

MongoDB has been attacked before. For example, in 2020, an unknown cybercriminal gained unauthorized access to 29 thousand Internet resources: MongoDB databases (47% of all MongoDB installations connected to the Internet) that were accessible via the Internet without any password. Production systems were also affected during the campaign, and some businesses also lost backups of their data.
 