December 17, 2023 at 12:24AM
On Dec 13, 2023, MongoDB detected unauthorized access to its systems, leading to exposure of customer data. The company recommends customers to watch out for social engineering and phishing attacks, enforce MFA, and rotate their MongoDB Atlas passwords. Additionally, MongoDB is experiencing login issues, unrelated to the security event. Further updates are awaited.
From the meeting notes, the key takeaways are:
1. MongoDB is actively investigating a security incident that has resulted in unauthorized access to certain corporate systems and exposure of customer account metadata and contact information.
2. Anomalous activity was detected on December 13, 2023, and incident response efforts were immediately activated.
3. The unauthorized access had been ongoing for some time before discovery, but it’s not aware of any exposure to the data that customers store in MongoDB Atlas.
4. MongoDB recommends customers to be vigilant against social engineering and phishing attacks, enforce phishing-resistant multi-factor authentication, and rotate their MongoDB Atlas passwords.
5. Elevated login attempts are causing issues for customers attempting to log in to Atlas and the Support Portal, which is unrelated to the security event.
6. The Hacker News has reached out to MongoDB for additional comments, and the story is still developing.