MongoDB comprimised

[Vod]

For those of you that use databases in their project:

MongoDB is investigating a security incident involving unauthorized access to certain MongoDB corporate systems. This includes exposure of customer account metadata and contact information. At this time, we are NOT aware of any exposure to the data that customers store in MongoDB Atlas.

We detected suspicious activity on Wednesday (Dec. 13th, 2023) evening US Eastern Standard Time and immediately activated our incident response process. We are still conducting an active investigation and believe that this unauthorized access has been going on for some period of time before discovery. We have also started notifying relevant authorities.

What should you do next?

Since we are aware that some customer account metadata and contact information was accessed, please be vigilant for social engineering and phishing attacks.
If not already implemented, we encourage all customers to activate phishing-resistant multi-factor authentication (MFA) and regularly rotate passwords.
MongoDB will continue to update mongodb.com/alerts with additional information as we continue to investigate the matter.

[1714553819]

1714553819

[1714553819]

1714553819

[1714553819]

1714553819

[seoincorporation]

I was looking at the CVE list for MongoDB and a couple of months ago there was a vulnerability that only affects Windows or macOS, but in the risk ranking it was 7.5.

https://www.cvedetails.com/cve/CVE-2023-1409/

In this attack that Vod mentioned was the company that got exploited, and their customers' data, but there is no information on how the attack happened, even could be an inside job, who knows. But that doesn't mean we can't trust the software anymore, with the right configuration should be secure enough.

By the way, this is important for the crypto community because tons of crypto projects use this DB to store the blockchain, these are some examples:

https://github.com/Iamparsa/DogeCoinDBSync
https://github.com/thelinuxkid/bitcoinquery

[Sg4j1n3ll0]

Is there a way to test the vulnerability or replicate the error?

[NotATether]

Fuck, I guess it's time to finally turn on the MFA for Atlas. 

[DaveF]

The attack on MongoDB that happened last month was against their corporate systems.
The vulnerability that seoincorporation mentioned was against the DB server that you host yourself. (and it's been patched)

Yes there are ways to test against it, but you are going to have to do some digging through the code.

And, since it's only on Mac / Windows and it's because it's not verifying some certificates properly that means that you have your DB server exposed to the public internet without having some security in front of it that will filter for this attack. And why would you be hosting a public DB server on Mac or Windows anyway?

-Dave

[Sg4j1n3ll0]

The attack on MongoDB that happened last month was against their corporate systems.
The vulnerability that seoincorporation mentioned was against the DB server that you host yourself. (and it's been patched)

Yes there are ways to test against it, but you are going to have to do some digging through the code.

And, since it's only on Mac / Windows and it's because it's not verifying some certificates properly that means that you have your DB server exposed to the public internet without having some security in front of it that will filter for this attack. And why would you be hosting a public DB server on Mac or Windows anyway?

-Dave

you can send me the code, i want dig with you