MongoDB Investigates ‘Security Incident’

MongoDB is investigating unauthorized access to corporate systems, which may have exposed customer account metadata and contact information.

The New York-based data platform vendor posted on Saturday about “a security incident,” saying that it actually “detected suspicious activity on Wednesday (Dec. 13th, 2023) evening US Eastern Standard Time, immediately activated our incident response process, and believe that this unauthorized access has been going on for some period of time before discovery.”

At 9 p.m. Eastern Sunday, MongoDB said that it has “found no evidence of unauthorized access to MongoDB Atlas clusters” and it has “not identified any security vulnerability in any MongoDB product as a result of this incident.”

MongoDB Security Incident

CRN has reached out to MongoDB for comment.

The vendor has 1,000 worldwide channel partners and 400 in North America, according to CRN’s 2023 Channel Chiefs.

In the Sunday post, MongoDB said that an unauthorized actor accessed systems with customer names, phone numbers and email addresses plus one customer’s system logs.

“We are continuing with our investigation, and are working with relevant authorities and forensic firms,” the vendor said.

In the Saturday post, MongoDB advised users to “be vigilant for social engineering and phishing attacks, activate phishing-resistant multi-factor authentication (MFA), and regularly rotate their MongoDB Atlas passwords.”

Leave a Reply

Your email address will not be published. Required fields are marked *