Security Lapse at MongoDB Unveils Vulnerabilities, Compromising Customer Information
On December 13, 2023, MongoDB detected unauthorized access to certain corporate systems, leading to the exposure of customer account metadata and contact information. The company initiated an immediate investigation and activated incident response efforts. The unauthorized access had been ongoing for some time before discovery, but MongoDB stated it was not aware of any exposure of data stored in MongoDB Atlas.
As a precaution, MongoDB recommends customers watch for social engineering and phishing attacks, implement phishing-resistant multi-factor authentication (MFA), and change MongoDB Atlas passwords. The company experienced elevated login attempts unrelated to the security event but resolved the issue by December 16, 10:22 p.m. ET.
In an update on December 17, MongoDB reported no evidence of unauthorized access to MongoDB Atlas clusters, emphasizing the absence of identified security vulnerabilities in any MongoDB product. The incident involved unauthorized access to corporate systems containing customer data, but only one customer's system logs were accessed, and that customer was notified. MongoDB continues its investigation, collaborating with authorities and forensic firms.
In a subsequent update on December 18, MongoDB disclosed that the incident was a phishing attack and that Mullvad VPN was used to conceal the attacker's identity. The company identified 15 IP addresses associated with the activity but has not yet disclosed the attack's timeline, the systems accessed, or the extent of customer information affected by the corporate systems breach. The investigation is ongoing.
Source: https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html