MongoDB investigates cyber attack, customer data leaked
December 17, 2023
MongoDB announced Saturday that it is investigating a cyberattack that compromised customer account metadata and contact information.
MongoDB said on Saturday that it is investigating a cyber attack on certain corporate systems.
MongoDB is an American company that has developed a popular open source NoSQL database management system.
The cyberattack was discovered on December 13, 2023, and customer account metadata and contact information were compromised. The American company immediately launched an incident response plan and noted that it was not aware of the data breach.
“MongoDB actively investigates security incidents involving unauthorized access to certain MongoDB corporate systems, including the compromise of customer account metadata and contact information. We detected suspicious activity on the evening of December 13th and immediately activated our incident response process and believe that this unauthorized access had been ongoing for some period of time before being discovered.” caveat It was issued by the company. ” At this time, we are not aware of any data breaches that customers store in MongoDB Atlas. ”
US companies are warning customers to be wary of social engineering and phishing attacks. The company also recommends active multi-factor authentication (MFA) and regularly rotates MongoDB Atlas passwords.
At this time, it is still unclear how long threat actors maintained access to compromised systems.
MongoDB reveals that an update the company provided on December 16th is experiencing a spike in login attempts, resulting in problems for customers trying to log into Atlas and the support portal. I made it. However, the company says this activity is not related to any security incident.
Follow us on Twitter: @securityaffairs and Facebook and mastodon
(Security related matters – hacking, data breach)