MongoDB investigating security incident that exposed data about customer accounts

The database management giant MongoDB has said it is looking into a security breach that may have exposed some user data.
According to its website, the New York-based MongoDB helps more than 46,000 businesses, including Adobe, eBay, Verizon, and the Department for Work and Pensions in the United Kingdom, manage their databases and enormous data warehouses. The firm offers two products: its Atlas database-as-a-service and its MongoDB self-hosted open-source database.
In a notification posted late on Saturday, MongoDB said it was actively looking into a “security incident involving unauthorized access to certain MongoDB corporate systems, which includes exposure of customer account metadata and contact information.”
Though it acknowledged that “unauthorized access has been going on for some period of time before discovery,” MongoDB stated that it first noticed suspicious behavior on Wednesday. Lena Smart, the MongoDB CISO, declined to comment when TechCrunch asked her how long hackers might have been able to access MongoDB’s servers.
In a Sunday update, MongoDB stated that it didn’t believe hackers had accessed any customer data stored in MongoDB Atlas, the company’s hosted database product.
However, the company stated that it is “aware” that hackers gained access to parts of its corporate networks, which included client information such as phone numbers, email addresses, and other as-yet-unspecified metadata.
According to MongoDB, this includes system logs for one client. System logs may include details about how a database or the system that powers it is operating. This client was contacted, according to CISO Smart, and the company has “found no evidence that any other customers’ system logs were accessed.”
It is unclear what technical evidence, such as its own logs, MongoDB has to identify malicious behavior on its network.
MongoDB declined to disclose how many customers the corporate system breach might affect. The corporation has not yet disclosed to the U.S. Securities and Exchange Commission how and when it was penetrated, which internal systems were accessed, or whether it was alerted. As of December 18, organizations must report “material” cybersecurity problems to the regulator within four days of discovery.
MongoDB advises users to be on the lookout for social engineering and phishing attempts and to turn on phishing-resistant multi-factor authentication on their accounts, which the firm does not mandate.
The firm also said over the weekend that it was “experiencing a spike in login attempts resulting in issues for customers attempting to log in to Atlas and our Support Portal,” although it claimed this had nothing to do with the security problem.