MongoDB Hacked: MongoDB confirmed customer data exposed in a cyberattack and security breach
Daniel Levi
Posted On December 18, 2023
MongoDB announced on Saturday that its systems were breached in a cyberattack due to unauthorized access to “certain” corporate systems. The database software company said it first detected anomalous activity on December 13, 2023, and it’s actively investigating the incident.
MongoDB confirmed that the unauthorized access had been ongoing for some time before its discovery, although it clarified that there is currently no awareness of any exposure to the data stored by customers in MongoDB Atlas. The exact duration of the compromise was not disclosed.
“We are still conducting an active investigation and believe that this unauthorized access has been going on for some period of time before discovery,” MongoDB said in the security incident notification.
In response to the breach, MongoDB also warned customers about the security breach, indicating that its corporate systems were compromised, leading to the exposure of customer data.
In emails sent to customers, MongoDB Chief Information Security Officer (CISO) Lena Smart said that the company detected their systems were hacked on Wednesday evening (December 13th) and started investigating the incident.
“MongoDB is investigating a security incident involving unauthorized access to certain MongoDB corporate systems,” the email read. “This includes exposure of customer account metadata and contact information. At this time, we are NOT aware of any exposure to the data that customers store in MongoDB Atlas.”
While MongoDB believes that the hackers did not access customer data stored in MongoDB Atlas, it acknowledged that the unauthorized access had persisted for some time before being identified.
The company added that an active investigation is still ongoing, and it acknowledged the unfortunate likelihood of data theft in such breaches where threat actors maintain persistent access over an extended period. In response to the incident, MongoDB recommends that customers take precautionary measures, including enabling multi-factor authentication, rotating passwords, and remaining vigilant against potential targeted phishing and social engineering attacks.
Inquiries about the breach directed at MongoDB have not yielded additional information, as the company is still in the process of investigating the security incident. MongoDB assures customers that updates regarding the breach will be provided on the MongoDB Alerts web page, where they typically share information about outages and other incidents.
But there’s more to the situation. The company mentioned that it’s facing increased login attempts, creating problems for customers trying to access Atlas and the Support Portal. However, the company clarified that this issue is separate from the security incident and has already been resolved as of December 16 at 10:22 p.m. ET.
Update (as of December 17, 9:00 p.m. ET)
MongoDB Security Notice
12/17/23 – 9:00 PM EST
At this time, we have found no evidence of unauthorized access to MongoDB Atlas clusters. To be clear, we have not identified any security vulnerability in any MongoDB product as a result of this incident. It is important to note that MongoDB Atlas cluster access is authenticated via a separate system from MongoDB corporate systems, and we have found no evidence that the Atlas cluster authentication system has been compromised.
We are aware of unauthorized access to some corporate systems that contain customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer. We have notified the affected customer. At this time, we have found no evidence that any other customers’ system logs were accessed.
We are continuing with our investigation, and are working with relevant authorities and forensic firms. MongoDB will update this alert page with additional information as we continue to investigate the matter.
12/16/2023 – 05:25 PM EST
We are experiencing a spike in login attempts resulting in issues for customers attempting to log in to Atlas and our Support Portal. This is unrelated to the security incident. Please try again in a few minutes if you are still having trouble logging in. [The issue involving user login attempts has been resolved as of 10:22 PM EST]
