Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

MongoDB launches investigation into cyber attack that exposed customer data

Database management program MongoDB has announced that it has detected a cyber attack that resulted in its corporate systems being breached.

user icon Daniel Croft
Mon, 18 Dec 2023
MongoDB launches investigation into cyber attack that exposed customer data
expand image

The company detected the breach on Wednesday last week (13 December), saying the incident resulted in customer data being seen by the threat actors.

In a statement posted on MongoDB’s alerts page, as seen by Cyber Daily, the company has begun an investigation into the incident.

“MongoDB is investigating a security incident involving unauthorised access to certain MongoDB corporate systems,” said the post, which was uploaded on 16 December.

============
============

“This includes exposure of customer account metadata and contact information. At this time, we are NOT aware of any exposure to the data that customers store in MongoDB Atlas.

“We are still conducting an active investigation and believe that this unauthorised access has been going on for some period of time before discovery,” the company added, with the lengthy period of access suggesting that data may have been stolen.

MongoDB has said it will continue to update its alerts page as more information regarding the breach is uncovered.

In an email to MongoDB’s customer, chief information security officer Lena Smart said that despite the lack of evidence that customer data was exposed to threat actors, customers should take the necessary measures to protect themselves.

“We recommend that customers be vigilant for social engineering and phishing attacks, activate phishing-resistant multifactor authentication (MFA), and regularly rotate their MongoDB Atlas passwords,” said Smart.

Hours after the alert, the company issued an alert regarding issues relating to its Atlas and Support portal.

“We are experiencing a spike in login attempts resulting in issues for customers attempting to log in to Atlas and our Support Portal. This is unrelated to the security incident,” it said.

The issue has since been resolved.

The threat actor behind the attack is currently unknown, as is the data that was accessed.

The most recent incident is not the first time the company has had its systems exposed.

Back in 2019, an unprotected database was discovered that listed over 800 million records, including personal details such as email addresses and phone numbers. Over 150 gigabytes of data were stored in the database and accessible to anyone with an internet connection.

Prior to this, in 2017, researchers discovered that a number of threat actors had hijacked MongoDB databases and held the contained data for ransom. One such database had its data cleared and replaced with information that informed owners that a ransom was needed to return it to normal.

Thousands of databases were hit within two weeks during this period.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.