- Why the iPad Mini 7 is the ultraportable tablet to beat this holiday travel season - and it's $50 off
- The best iPads for college: Expert tested and reviewed
- One of the best mid-range sports watches I've tested is on sale for Black Friday
- This monster 240W charger has features I've never seen on other accessories (and get $60 off this Black Friday)
- This laptop power bank has served me well for years, and this Black Friday deal slashes the price in half
MongoDB Investigates Customer Account Data Breach
Database provider MongoDB has alerted customers to a data breach in which some account and contact information was compromised.
An email from MongoDB CISO, Lena Smart, sent to customers late last week was republished on X (formerly Twitter) by the vx-underground account.
“MongoDB is investigating a security incident involving unauthorized access to certain MongoDB corporate systems,” it explained. “This includes exposure of customer account metadata and contact information. At this time, we are not aware of any exposure to the data that customers store in MongoDB Atlas.”
The incident was detected on December 13 and Smart said the firm immediately activated its incident response processes.
“We are still conducting an active investigation and believe that this unauthorized access has been going on for some period of time before discovery,” she added.
Read more on MongoDB security threats: MongoDB Instance Leaks 200 Million Chinese CVs
In the meantime, customers were urged to monitor for phishing attempts using the stolen account or metadata to make them seem more convincing.
“If not already implemented, we urge all customers to activate phishing-resistant multi-factor authentication (MFA) and regularly rotate passwords,” Smart concluded.
A new update from the firm over the weekend said a spike in login attempts resulting in issues for customers attempting to access Atlas and its Support Portal was unrelated to this security incident.
Misconfigured MongoDB databases have been a common target for attack over the years, enabling opportunistic hackers to steal customer data and hold it to ransom. However, the firm itself has not suffered any major breaches in the recent past.
Image credit: rafapress / Shutterstock.com