MongoDB has experienced a security incident in which unauthorized access to its corporate systems was identified.
However, the company confirmed that there was no evidence of access to any customer’s system logs. MongoDB is currently investigating the incident with authorities and forensic experts.
This incident was discovered on Saturday (16th December 2023) when there was a suspicious activity of unauthorized access to their corporate systems. It was found later that the unauthorized access had a longer period before it was detected.
Incident Response Report
According to the reports shared with Cyber Security News, the security incident involving this unauthorized access to their corporate system included customer account metadata, contact information, customer names, phone numbers, and email addresses.
However, no security vulnerability was identified in any MongoDB products as part of this incident. In addition to this, the company also confirmed that the MongoDB Atlas cluster had no evidence of unauthorized access.
MongoDB specified that MongoDB Atlas cluster authentication has a separate system from MongoDB corporate systems, and there was no evidence of compromise on the authentication system.
Login Spike
After the first incident report of this incident, there was a second incident, which stated a high number of login attempts that resulted in issues with Atlas and the MongoDB support portal.
MongoDB confirmed that this activity was unrelated to the security incident and urged their users to try again after a few minutes.
Investigations are still ongoing, and a complete incident report about this incident has yet to be published. Organizations must keep all their systems updated and patch all the products appropriately to prevent these kinds of incidents.