Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Data Breaches

MongoHQ Hacked – Exposes user Details

Paul Anderson by Paul Anderson
October 31, 2013 - Updated on November 21, 2013
in Data Breaches, Public, Security
0
mongohq
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Cloud-based database service MongoHQ said it’s changing log-in credentials for employees and customers alike after suffering a security breach that allowed attackers to access sensitive customer files and obtain users’ e-mail addresses and cryptographically scrambled password data.

You might also like

BreachForums Owner Arrested and Charged

US politicians personal details compromised in hack

Acer corporate confirms breach – data being sold for Monero

The intrusion occurred Monday, when hackers gained access to an internal support application that included a troubleshooting feature that allows MongoHQ employees to view an account as if they are a specific customer. The support application allowed the intruders to view account information, including lists of databases, e-mail addresses, and passwords that were protected with the bcrypt hashing algorithm, Jason McCay, co-founder of the service, wrote in an advisory published Tuesday afternoon. The attackers also had the ability to view the MongoHQ account database, which includes connection information for customers’ MongoDB instances.

“We’ve conducted an audit of direct access to customer databases and determined that several databases may have been accessed using information stored in our account database,” McCay wrote. “We are contacting affected customers directly. If you have not heard from us individually, there is no evidence that your DB was accessed by an unauthorized user.”

The breach was the result of a “credential that had been shared with a compromised personal account.” Buffer, a service that allows people to schedule updates to Twitter, Facebook, and other social media sites, experienced a hack over the weekend. The method used in the MongoHQ breach was similar to the one used to obtain Buffer users’ access tokens, Buffer CEO and founder Joel Gascoigne wrote in a post Tuesday on Hacker News.

McCay went on to instruct customers to change database passwords, either through the MongoHQ user interface or by connecting directly to the database and issuing the db.addUser(‘USERNAME’, ‘PASSWORD’) command. To prevent further breaches, MongoHQ employees have also invalidated any Amazon Web Services credentials that were stored on the site for purposes of backing up databases to the Amazon S3 service.

Read more…

Tags: Amazon S3Amazon Web ServicesbreachhackedMongoHQsecurity
Share30Tweet19
Paul Anderson

Paul Anderson

Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the top of the page.

Recommended For You

BreachForums Owner Arrested and Charged

by Paul Anderson
March 17, 2023
0
BreachForums Owner Arrested and Charged

On Wednesday afternoon, federal agents arrested a man in Peekskill, New York, for allegedly running a dark web data breach site known as "BreachForums." The suspect, Conor Brian...

Read more

US politicians personal details compromised in hack

by Kyle
March 9, 2023
0
US politicians personal details compromised in hack

A hacker has claimed that personally identifiable information (PII) belonging to several members of the US Congress may have been compromised in a cyberattack on DC Health Link,...

Read more

Acer corporate confirms breach – data being sold for Monero

by Kyle
March 8, 2023
0
Acer corporate confirms breach – data being sold for Monero

Acer, the sixth-largest PC maker in the world, has confirmed that it suffered a data breach in mid-February 2023 that compromised its intellectual property and other sensitive data....

Read more

Stolen credit card market BidenCash leaks over 2 million credit cards

by Paul Anderson
March 3, 2023
0
Stolen credit card market BidenCash leaks over 2 million credit cards

BidenCash, a marketplace that focuses on carding, has leaked a database of 2,165,700 credit and debit cards to celebrate its first anniversary. Instead of keeping the leak a...

Read more

Blackmailing data thieves who targeted thousands of businesses apprehended

by Paul Anderson
February 26, 2023
0
Blackmailing data thieves arrested by Dutch police

The Dutch police recently apprehended three additional suspects in what is considered one of the most significant data extortion cases to date. These suspects, aged between 18 and...

Read more
Next Post
1,000 Argentinian Websites Breached and Defaced

1,000 Argentinian Websites Breached and Defaced

Related News

BreachForums Owner Arrested and Charged

BreachForums Owner Arrested and Charged

March 17, 2023
ChipMixer platform tied to crypto laundering scheme – seized by authorities

ChipMixer platform tied to crypto laundering scheme – seized by authorities

March 17, 2023
NSA intercepting U.S. Routers

NSA intercepting U.S. Routers

June 6, 2014 - Updated on March 17, 2023
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology News
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Tools
  • Contact Us
  • Privacy Policy

© 2022 ZeroSecurity, All Rights Reserved.