MongoDB has recently confirmed a cyberattack on its corporate systems, resulting in the exposure of customer data. The company detected suspicious activity on the evening of December 13th and began an immediate investigation.
According to an email sent to MongoDB customers from Chief Information Security Officer (CISO) Lena Smart, the unauthorized access to certain MongoDB corporate systems led to the exposure of customer account metadata and contact information. At the time of writing this article, the company found no evidence of exposure to the data stored in MongoDB Atlas.
The attacker had gained access to MongoDB’s systems for an extended period before the breach was discovered. So, it raises concerns about potential data theft. The company is actively investigating the incident and has also urged all customers to take immediate security measures.
MongoDB recommends all customers to enable multi-factor authentication on their accounts and regularly rotate passwords.
MongoDB also revealed that it is experiencing a spike in login attempts. These attempts are creating issues for customers attempting to log in to Atlas and our Support Portal. The company confirmed that this incident is unrelated to the data breach. This issue was resolved as of 10:22 PM EST on 12/16, It also found no evidence of unauthorized access to MongoDB Atlas clusters,
“To be clear, we have not identified any security vulnerability in any MongoDB product as a result of this incident,” the company noted.
MongoDB is investigating the incident and is expected to provide further updates. The company’s proactive communication about the breach aligns with industry best practices for transparency and customer protection. Customers are also encouraged to follow the company’s guidelines to enhance the security of their accounts.
