MongoDB hacked, user data exposed


Threat actors have accessed MongoDB corporate systems, putting user data at risk.

In the security notice on December 16th, MongoDB admitted to a security incident involving unauthorized access to its corporate systems.

Threat actors accessed customer names, phone numbers, email addresses, and customer account metadata, including system logs for one customer. The company claims it hasn’t found evidence that any other customers’ system logs were accessed.

MongoDB detected the hack on December 13th. However, it believes the threat actors had unauthorized access to systems for some period of time before discovery.

MongoDB Inc. provides a document-oriented database platform. The company says that it hasn’t identified security vulnerabilities in any MongoDB products as a result of the incident.

According to the security notice, access to the MongoDB Atlas cluster is authenticated via a separate system from MongoDB corporate systems, and there is no evidence that this system has been compromised.

The company advises customers to stay vigilant for social engineering and phishing attacks, activate phishing-resistant multi-factor authentication (MFA), and regularly rotate their MongoDB Atlas passwords.

Headquartered in New York, MongoDB has more than 37,000 customers in over 100 countries. The MongoDB database platform has been downloaded over 300 million times, and there have been more than 1.5 million registrations for MongoDB.