On Wednesday, December 13, MongoDB detected an exposure in their systems that included customer account metadata and contact information. MongoDB is currently conducting an investigation to determine the extent of the exposure. In an email sent out to customers, MongoDB CISO Lena Smart informed users that at present they were “not aware of any exposure to the data customers store in MongoDB Atlas.” Despite these assurances, customers using MongoDB Atlas, the SaaS service provided by MongoDB, may be concerned that their managed environment is at risk.
MongoDB is a widely used and versatile NoSQL database management system that provides a flexible, scalable, and high-performance solution for handling unstructured or semi-structured data. Known for its document-oriented architecture, MongoDB stores data in JSON-like BSON documents, allowing for dynamic schema design and easy scalability. It is favored by developers for its ability to handle large amounts of data and its support for complex queries, making it a popular choice for modern, data-intensive applications.
Inside the Incident
MongoDB has told The Hacker News that the incident is still under investigation, and it’s not known how threat actors entered the platform. However, the company believes the unauthorized access had been going on for some time before discovery. This type of exposure, where the threat actor has access for an extended period of time, is an indicator of data theft.
Recommendations from MongoDB and Adaptive Shield
Due to the exposed customer account metadata and contact information, MongoDB has advised that customers be vigilant for social engineering and phishing attacks. Threat actors often use this type of data in developing sophisticated attacks.
Furthermore, MongoDB encourages all Atlas customers to activate multi-factor authentication (MFA) and implement a password rotation policy.
Adaptive Shield automatically checks MFA configurations, as well as all security-related settings in Atlas, as part of its automated monitoring processes, and issues alerts if the application is at risk. If you aren’t using Adaptive Shield, our security experts recommend checking the following settings to secure your Atlas instance:
- Two Factor Authentication Enforcement – Enable two-factor authentication for your MongoDB Atlas instance. This action was recommended by MongoDB, and adds an additional layer of assurance in user authentication.
- MFA for all Users – Activate MFA for All Users to require every user logging in to Atlas to use two-factor authentication.
- Unused API Keys – Go to Access Manager to find all active, unused API keys and delete them.
- API Key Rotation – Turn API Key Rotation on to limit the likelihood of leaks and comply with security standards.
Set up Automated Security Checks for MongoDB
Enterprises that use Adaptive Shield’s SaaS Security Posture Management (SSPM) platform can easily gain visibility into MongoDB’s Atlas posture. Adaptive Shield has 15 security checks covering access control, MFA, key management, and other security domains. Adaptive Shield also discovers admin and local accounts, and consolidates multiple identities into a single user, giving contextualized visibility into the users accessing applications to enhance MongoDB security.