The looming shadow of unauthorized access to sensitive information has descended upon database management giant MongoDB. The New York-based company, serving over 46,000 clients such as industry heavy-hitters Adobe, eBay, Verizon, as well as the United Kingdom’s Department for Work and Pensions, specializes in assisting businesses in managing their databases and vast troves of data. MongoDB offers both its signature open-source self-hosted database and its Atlas database-as-a-service solution.
In a statement posted late on Friday, MongoDB announced that they are currently investigating a security incident. This incident has led to the exposure of some data belonging to their customers. According to MongoDB, the breach involves unauthorized access to select corporate systems, including the compromise of customer account metadata and contact information.
MongoDB revealed that they initially detected suspicious activity on Wednesday. However, they also acknowledged that the unauthorized access may have been occurring for some time before their discovery. When asked for more details, MongoDB CISO, Lena Smart, declined to comment.
In an update released on Sunday, MongoDB clarified that their Atlas database, utilized by their hosted database clientele, was not affected by the breach. However, the company confirmed that hackers did obtain access to some of their corporate systems, which potentially contained customer names, phone numbers, email addresses, and other unspecified account metadata.
In the case of one customer, the exposed data included system logs. These logs can consist of information about the operation of a database or its underlying system. CISO Smart assured that this particular customer was notified and that they have yet to find any evidence of other customers’ system logs being accessed.
It is unclear what means MongoDB has, such as its own log records, to detect malicious activity on its network. The company also declined to disclose the number of customers that may be affected by the compromise of its corporate systems. Additionally, it is unknown how the breach occurred, which specific systems were breached, and whether the incident was reported to the U.S. Securities and Exchange Commission. Under the current regulations, organizations must report any “material” cybersecurity breaches to the regulator within four days of discovering the incident.
In light of this incident, MongoDB has advised its customers to remain vigilant for any social engineering or phishing attempts. They also recommend that users activate multi-factor authentication on their accounts to defend against such attacks. However, the company also noted that they do not currently require customers to use this added security measure by default.
MongoDB shared that over the weekend, they experienced an unusual amount of login attempts, causing issues for customers attempting to access their Atlas database and support portal. However, they clarified that this was unrelated to the recent security incident.