Security Affairs
Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

MongoDB investigates a cyberattack, customer data exposed

MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. MongoDB on Saturday disclosed it is investigating a cyber attack against certain corporate systems. MongoDB is a US company that developed the popular open-source NoSQL database management system. The cyber attack was discovered on December 13, 2023, and […]

MongoDB

MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information.

MongoDB on Saturday disclosed it is investigating a cyber attack against certain corporate systems.

MongoDB is a US company that developed the popular open-source NoSQL database management system.

The cyber attack was discovered on December 13, 2023, and led to the exposure of customer account metadata and contact information. The American company promptly started its incident response plan and pointed out that it is not aware of any data exposure.

“MongoDB is actively investigating a security incident involving unauthorized access to certain MongoDB corporate systems, which includes exposure of customer account metadata and contact information. We detected suspicious activity on Wednesday (Dec. 13th, 2023) evening US Eastern Standard Time, immediately activated our incident response process, and believe that this unauthorized access has been going on for some period of time before discovery.” reads the alert published by the company.” At this time, we are not aware of any exposure to the data that customers store in MongoDB Atlas.” 

The US firm urges customers to be vigilant for social engineering and phishing attacks. The company also recommends active multi-factor authentication (MFA), and regularly rotate their MongoDB Atlas passwords.

At this time it is still unclear how long threat actors maintained access to the compromised systems.

In an update provided by the company on December 16, MongoDB disclosed it is experiencing a spike in login attempts resulting in issues for customers attempting to log in to Atlas and our Support Portal. However, the company states that the activity is not related to the security incident.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)