MongoDB has issued a warning, notifying users that a cyberattack on its corporate systems has led to the exposure of customer data. The breach was detected earlier this week, prompting an immediate investigation.
In communications to MongoDB customers, Chief Information Security Officer (CISO) Lena Smart revealed that the security incident was identified on Wednesday evening (December 13th). The company reassures users that the breach did not compromise data stored in MongoDB Atlas, the platform customers use for data storage.
“We are currently probing a security incident involving unauthorized access to specific MongoDB corporate systems,” MongoDB stated in the email to its users. “This includes the exposure of customer account metadata and contact information.”
Despite the assurance regarding MongoDB Atlas data, the company acknowledges that the unauthorized access by threat actors occurred for a considerable period before being discovered. The ongoing investigation is delving into the extent and duration of this breach.
MongoDB emphasizes the importance of user vigilance, recommending customers activate multi-factor authentication, update passwords, and stay alert to potential targeted phishing and social engineering attacks. Such precautions are crucial given the unfortunate commonality of data theft in breaches with prolonged unauthorized access.
Responding to inquiries about the breach, MongoDB stated that the investigation is still underway, offering no further details at this time. Regular updates regarding the incident will be posted on the MongoDB Alerts web page, traditionally used by the company to communicate information about outages and other incidents. Users are encouraged to stay informed through these updates as the situation develops.