Data Breach Alert: MongoDB Customer Hit, Logs Accessed
MongoDB, a company specializing in the development of database software, disclosed on December 16 that some of its corporate systems had been accessed without authorization. The incident exposed client account metadata and contact information, including client names, phone numbers, and email addresses. The attack reportedly also affected the system logs of only one client, whom the company promptly notified.
The first signs of the breach were detected on December 13, 2023. Upon discovering anomalous activity, MongoDB immediately initiated incident response measures. The company stated that unauthorized access to its systems continued for some time before it was detected, though the precise duration of the breach remains undisclosed. MongoDB has found no vulnerabilities in its products that could have been exploited in this incident.
The company also stated that client data stored in MongoDB Atlas was unaffected. Access to MongoDB Atlas clusters is authenticated through a system separate from MongoDB’s corporate systems, and the company has found no evidence that the Atlas cluster authentication system was compromised.
In light of this incident, MongoDB recommends that all clients remain vigilant against social engineering and phishing attacks. The company advises the use of multi-factor authentication and recommends changing passwords for MongoDB Atlas accounts. Additionally, the company reported an increase in login attempts, causing difficulties for clients trying to access Atlas and the support portal. However, this is not related to the incident. The company wrote in the security incident notification:
“At this time, we have found no evidence of unauthorized access to MongoDB Atlas clusters. To be clear, we have not identified any security vulnerability in any MongoDB product as a result of this incident. It is important to note that MongoDB Atlas cluster access is authenticated via a separate system from MongoDB corporate systems, and we have found no evidence that the Atlas cluster authentication system has been compromised.
We are aware of unauthorized access to some corporate systems that contain customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer. We have notified the affected customer. At this time, we have found no evidence that any other customers’ system logs were accessed.
We are continuing with our investigation, and are working with relevant authorities and forensic firms. MongoDB will update this alert page with additional information as we continue to investigate the matter.”
The metadata exposed in the attack is crucial for account administration and management in the system. It includes information such as account identifiers, account creation and last-use data, account status (active or blocked), roles and access rights, as well as contact details.
Although the metadata does not contain sensitive information such as passwords or personal data stored in the account, it could give attackers insight into the system’s structure and its users. MongoDB has announced that the incident is under active investigation and has promised to provide additional information as soon as possible.