Database provider MongoDB has alerted customers to a data breach in which some account and contact information was compromised.
As per the email from MongoDB to the users “MongoDB is investigating a security incident involving unauthorized access to certain MongoDB corporate systems,” it explained. “This includes exposure of customer account metadata and contact information. At this time, we are not aware of any exposure to the data that customers store in MongoDB Atlas.”
The incident was detected on December 13 and immediately activated its incident response processes. The investigation is ongoing, and this unauthorized access has been going on for some period before discovery.
Customers were urged to monitor for phishing attempts using the stolen account or metadata to make them seem more convincing.
“If not already implemented, we urge all customers to activate phishing-resistant multi-factor authentication (MFA) and regularly rotate passwords,”.
A new update from the firm over the weekend said a spike in login attempts resulting in issues for customers attempting to access Atlas and its Support Portal was unrelated to this security incident.
Misconfigured MongoDB databases have been a common target for attack over the years, enabling opportunistic hackers to steal customer data and hold it to ransom. However, the firm itself has not suffered any major breaches in the recent past.
Nice post ✉️