MongoDB launches investigation into cyber attack that exposed customer data

Database management program MongoDB has announced that it has detected a cyber attack that resulted in its corporate systems being breached.

Daniel Croft
Mon, 18 Dec 2023

The company detected the breach on Wednesday last week (13 December), saying the incident resulted in customer data being seen by the threat actors.

According to a statement posted on MongoDB’s alerts page, as seen by Cyber Daily, the company has begun an investigation into the incident.

“MongoDB is investigating a security incident involving unauthorised access to certain MongoDB corporate systems,” said the post, which was uploaded on 16 December.

“This includes exposure of customer account metadata and contact information. At this time, we are NOT aware of any exposure to the data that customers store in MongoDB Atlas.

“We are still conducting an active investigation and believe that this unauthorised access has been going on for some period of time before discovery,” the company added, with the lengthy period of access suggesting that data may have been stolen.

MongoDB has said it will continue to update its alerts page as more information regarding the breach is uncovered.

In an email to MongoDB’s customers, chief information security officer Lena Smart said that despite the lack of evidence that customer data was exposed to threat actors, customers should take the necessary measures to protect themselves.

“We recommend that customers be vigilant for social engineering and phishing attacks, activate phishing-resistant multifactor authentication (MFA), and regularly rotate their MongoDB Atlas passwords,” said Smart.

Hours after the alert, the company issued another alert regarding issues with its Atlas and Support portal.

“We are experiencing a spike in login attempts resulting in issues for customers attempting to log in to Atlas and our Support Portal. This is unrelated to the security incident,” it said.

The issue has since been resolved.

The threat actor behind the attack is currently unknown, as is the data that was accessed.

The most recent incident is not the first time the company has had its systems exposed.

Back in 2019, an unprotected database was discovered that listed over 800 million records, including personal details such as email addresses and phone numbers. Over 150 gigabytes of data were stored in the database and accessible to anyone with an internet connection.

Prior to this, in 2017, researchers discovered that a number of threat actors had hijacked MongoDB databases and held the contained data for ransom. One such database had its data cleared and replaced with information that informed owners that a ransom was needed to return it to normal.

Thousands of databases were hit within two weeks during this period.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
