MongoDB says hackers accessed corporate systems containing customer info

Jason Macuray
Hackers infiltrated the systems of billion-dollar software giant MongoDB and accessed customer information during a recent cybersecurity incident, the company said over the weekend.

Hackers infiltrated the systems of billion-dollar software giant MongoDB and accessed customer information during a recent cybersecurity incident, the company said over the weekend.

MongoDB is “aware of unauthorized access to some corporate systems that contain customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer,” it said in a notice on Sunday.

“We have notified the affected customer. At this time, we have found no evidence that any other customers’ system logs were accessed,” the company added.

MongoDB is one of the largest database software companies currently operating, reporting $1.2 billion in revenue this year.

The Sunday notice came after the company published a warning on Saturday afternoon that it was investigating “a security incident involving unauthorized access to certain MongoDB corporate systems, which includes exposure of customer account metadata and contact information.”

They sent an email to customers explaining that the incident began on Wednesday night when they detected suspicious activity, warning that the “unauthorized access has been going on for some period of time before discovery.”

Customers, they added, should be wary of social engineering and phishing attacks. In an update released about two hours later, MongoDB noted that it was experiencing a spike in login attempts that was causing issues for customers trying to login.

On Sunday, the company said it “found no evidence” that the hackers accessed MongoDB Atlas — an integrated suite of data services centered around a cloud database. They also said the intrusion was not the result of any security vulnerabilities in MongoDB products but did not say how the hackers got into their systems.

“We are continuing with our investigation, and are working with relevant authorities and forensic firms,” they said.

BriefsCybercrimeTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Apparel giant VF reports cyberattack on first day of SEC disclosure rule

Next Post

Alleged LockBit operator to face new cybercrime charges in Canada

Related Posts

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021. This includes the front companies Mehrsam Andisheh Saz Nik (MASN) and Dadeh
Avatar
Read More