MongoDB Investigates Customer Account Data Breach

Database provider MongoDB has alerted customers to a data breach in which some account and contact information was compromised.

An email from MongoDB CISO, Lena Smart, sent to customers late last week was republished on X (formerly Twitter) by the vx-underground account.

“MongoDB is investigating a security incident involving unauthorized access to certain MongoDB corporate systems,” it explained. “This includes exposure of customer account metadata and contact information. At this time, we are not aware of any exposure to the data that customers store in MongoDB Atlas.”

The incident was detected on December 13 and Smart said the firm immediately activated its incident response processes.

“We are still conducting an active investigation and believe that this unauthorized access has been going on for some period of time before discovery,” she added.

In the meantime, customers were urged to monitor for phishing attempts that use the stolen account or metadata to seem more convincing.

“If not already implemented, we urge all customers to activate phishing-resistant multi-factor authentication (MFA) and regularly rotate passwords,” Smart concluded.

A new update from the firm over the weekend said that a spike in login attempts, which caused issues for customers attempting to access Atlas and its Support Portal, was unrelated to this security incident.

Misconfigured MongoDB databases have been a common target for attack over the years, enabling opportunistic hackers to steal customer data and hold it to ransom. However, the firm itself has not suffered any major breaches in the recent past.
