MongoDB reports data breach at Atlas, customer metadata exposed
Take action: If you are using MongoDB Atlas, start changing your Atlas passwords (both for the users and for database connections) IMMEDIATELY. And enforce MFA for all human users. The statement from MongoDB is quite vague but if any access credentials are compromised, your entire dataset stored in Atlas may be at risk.
Learn More
MongoDB, a major database management company, experienced a cyberattack resulting in unauthorized access to its corporate systems, as confirmed by Lena Smart, the company's Chief Information Security Officer (CISO).
The breach was detected on the evening of December 13th, 2023. It involved the exposure of customer account metadata and contact information but, as of now, there is no evidence of exposure to the data stored in MongoDB Atlas, the company's cloud-based database service.
This includes exposure of customer account metadata and contact information. At this time, MongoDB claims they are not aware of any exposure to the data that customers store in MongoDB Atlas.
The company believes that the unauthorized access had been ongoing for some time before it was discovered, raising concerns about the potential misuse of exposed sensitive data. MongoDB has initiated a comprehensive investigation into the incident and has notified relevant authorities.
MongoDB has not disclosed details about the nature of the attack nor the number of affected customers.
As a precaution, MongoDB is advising all customers to enable phishing-resistant multi-factor authentication (MFA), regularly rotate passwords of their Atlas instances, and remain vigilant against potential social engineering and phishing attacks. The company is managing the situation actively, with ongoing updates promised on their alert page.
Additionally, on December 16th, 2023, MongoDB reported an increase in login attempts which caused access issues for customers trying to use MongoDB Atlas and Support Portal. This was clarified as being unrelated to the security incident.
