Polymer


Summary

  • MongoDB grapples with a cyber attack that resulted in the compromise of critical customer data.
  • A successful phishing attack was detected, resulting in unauthorized access to customer metadata, including names, phone numbers, and email addresses.
  • The incident was confined to one customer and MongoDB is actively addressing the situation and notifying the affected party.
  • Customers are urged to bolster security controls and consider data loss prevention.

It’s not a happy holiday for MongoDB after the company was the victim of a cyber attack involving the theft of sensitive customer information. 

MongoDB offers an open source NoSQL database management program for over 46,000 customers as an alternative to traditional relational databases. 

Here’s everything we know about the data breach so far, including guidance on what to do if you’re a MongoDB customer. 

What happened during MongoDB’s breach? 

According to an email sent to MongoDB customers by the company’s CISO, MongoDB detected that its systems were hacked on December 13, 2023, and quickly started investigating the incident.

“MongoDB is investigating a security incident involving unauthorized access to certain MongoDB corporate systems,” said the email from the company’s CISO. A later statement revealed that the company was the victim of a successful phishing attack.

Once the hackers were in MongoDB’s systems, they managed to access “customer account metadata and contact information” according to the statement. Luckily, it appears that the attackers did not manage to access any data that customers store in MongoDB Atlas, which is the company’s fully-managed cloud database.


What data was stolen? 

Unusually, this incident didn’t involve the theft of troves of customer data. As stated in a new update the company released on December 18, 2023:

“We are aware of unauthorized access to some corporate systems that contain customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer.”

MongoDB

MongoDB went on to state that it has notified the affected customer and that, at present, it had found no further evidence of compromise to other customer system logs. 

The fact that the threat actor stole only the data of one customer could mean one of two things: either the hacker only managed to access the details of one MongoDB customer, or the cybercriminal responsible was on a targeted mission.

What should MongoDB customers do? 

As this attack seemingly impacted only one customer, most MongoDB users appear to be in the clear, especially as the company has emphasized that there’s been no evidence of cloud hijacking affecting MongoDB Atlas.

However, MongoDB also shared that the threat actors had access to its systems for quite some time before they were discovered. As the investigation is still ongoing, anything is possible.  

Because of this, it’s wise for all MongoDB customers to remain vigilant and bolster their security controls. On its website, MongoDB offers guidance to help customers enable phishing-resistant multi-factor authentication, which it does not mandate by default.  

However, as we’ve seen before, multi-factor authentication is rarely enough to stop a determined cybercriminal, which is why it’s wise to bolster your database data security with data loss prevention (DLP). 

Our tool, Polymer DLP, harnesses the power of artificial intelligence to autonomously discover and protect sensitive data like PII, passwords, secrets, and keys in your repositories, so you can prevent data exposure and theft. 


Find out more about how Polymer DLP can help you prevent sensitive data exposure today.

Polymer is a human-centric data loss prevention (DLP) platform that holistically reduces the risk of data exposure in your SaaS apps and AI tools. In addition to automatically detecting and remediating violations, Polymer coaches your employees to become better data stewards. Try Polymer for free.
