On December 20, 2023, MongoDB provided an update on the security incident first reported on December 16, 2023. The company found no evidence of unauthorized access to MongoDB Atlas clusters or the Atlas cluster authentication system. The ongoing investigation suggests that an unauthorized third party utilized a phishing attack to access corporate applications used for support services.
As of the latest update, MongoDB is confident that the unauthorized third party has been removed from the corporate applications, and the incident is considered contained. The security breach exposed a list of contact information and related account metadata detailed in the blog post linked in MongoDB's update.
In response to the incident, MongoDB personnel have individually contacted customers with exposure beyond the specified fields. MongoDB emphasizes transparency and continues investigating the matter, collaborating with forensic experts and relevant authorities. The company commits to providing updates as new information becomes available.
For those concerned about the security of their networks, MongoDB has shared indicators of compromise (IOCs) related to the incident. The company recommends using this information to search for suspicious activity within networks. Additionally, MongoDB advises customers to remain vigilant against social engineering and phishing attacks, activate phishing-resistant multifactor authentication (MFA), and regularly rotate passwords.
The security incident timeline is as follows:
December 16, 2023 - 3:00 PM EST: MongoDB initiates an investigation into unauthorized access to corporate systems that exposed customer account metadata. Recommendations for protection and vigilance are provided.
December 16, 2023 - 5:25 PM EST: MongoDB experiences a spike in login attempts, resulting in login issues for customers attempting to log in to Atlas and the Support Portal. This issue is unrelated to the security incident. The login problem is resolved by 10:22 PM EST.
December 17, 2023 - 9:00 PM EST: MongoDB acknowledges unauthorized access to corporate systems containing customer information. No evidence of access to Atlas clusters is reported. The investigation is ongoing, with collaboration with relevant authorities and forensic firms.
December 18, 2023 - 9:00 PM EST: MongoDB reports no evidence of unauthorized access to Atlas clusters and expresses high confidence that it was the victim of a phishing attack. Indicators of compromise (IOCs) are shared to help customers identify possible anomalous activity.
December 20, 2023 - 9:00 PM EST: MongoDB provides an update, confirming no unauthorized access to Atlas clusters and detailing the incident's containment. A blog post is shared about the exposed contact information and related account metadata.
As MongoDB continues investigating the matter, the company remains committed to transparency, providing updates, and collaborating with forensic experts and authorities. Customers are advised to remain vigilant against social engineering and phishing attacks, activate phishing-resistant multifactor authentication (MFA), and regularly rotate passwords. Further updates will be posted on the MongoDB alerts page.