Database provider MongoDB has posted a security notice about a security incident in which attackers obtained unauthorized access to some of its corporate systems. The targeted system contained customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer.
That customer has been notified separately and there is no evidence that any other customers’ system logs were accessed. MongoDB said there is no evidence of unauthorized access to Atlas clusters since that would require compromise of the separate Atlas cluster authentication system.
On Wednesday December 13, 2023, MongoDB’s staff detected suspicious activity and began an investigation. The investigation is ongoing, but it appears that the unauthorized access was going on for “some period of time” before discovery.
In emails sent to MongoDB customers, MongoDB advises users to be alert about phishing and social engineering attacks that might use the leaked customer metadata to gain credibility.
Scammers often try to take advantage of data breaches. They know that the breached company is likely to be contacting victims, and that the victims will be looking out for emails from the company. It’s easy to spoof an email to make it look like it comes from somewhere else, and then send someone malware or a link to a phishing site.
Users are also advised to rotate database passwords and enable multi-factor authentication (MFA).
If you suspect you might be affected by this data breach, you may want to keep an eye on the alert page with additional information as MongoDB continues to investigate the matter. And if there is anything important, we will update this article.
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.