MongoDB corporate systems breached, customer data exposed

Database management company MongoDB has suffered a breach: attackers have gained access to some of its corporate systems and customer data and metadata.

The MongoDB breach

“We detected suspicious activity on Wednesday (Dec. 13th, 2023) evening US Eastern Standard Time, immediately activated our incident response process, and believe that this unauthorized access has been going on for some period of time before discovery,” the company said on Saturday.

On Sunday, MongoDB noted that, at this time, they “have found no evidence of unauthorized access to MongoDB Atlas clusters”, nor that the Atlas cluster authentication system – which is separate from MongoDB corporate systems – has been compromised.

What was compromised?

The corporate systems accessed by the attackers contain customer names, phone numbers, and email addresses (among other customer account metadata) and system logs for one customer.

“We have notified the affected customer. At this time, we have found no evidence that any other customers’ system logs were accessed,” they added.

The company also noted on Saturday that there had been a spike in login attempts that day, which caused login issues for customers trying to access Atlas and the Support Portal, but clarified this was not related to the security incident.

Advice to affected customers

With personal data being exposed, customers should keep an eye on any suspicious activity involving their accounts.

They are urged to:

  • Be on the lookout for social engineering and phishing attacks
  • Enable multi-factor authentication (MFA)
  • Change MongoDB Atlas passwords frequently

The investigation into the incident is still ongoing. As the company suspects that the attackers have had access to the systems “for some period of time before discovery”, it’s likely that the scope of the breach will widen.
