MongoDB Security Breach: Customer Data Exposed

Executive Summary

MongoDB disclosed a security breach where unauthorised access to corporate systems resulted in the exposure of some customer account data.

MongoDB detected the anomalous activity on December 13, 2023, and immediately initiated an incident response.

According to the company, the breach had been ongoing before its discovery and did not affect the data stored in MongoDB Atlas.

Still, the company encourages customers to stay vigilant against social engineering, utilize multi-factor authentication, and update their MongoDB Atlas passwords.

What Happened

On December 13, 2023, MongoDB discovered unauthorized access to its corporate systems, resulting in the exposure of certain customer data.

Based on MongoDB’s updates:

  • The unauthorised access occurred in some corporate systems that store customer names, phone numbers, email addresses, and other customer account metadata. It also included system logs for one customer.
  • There is no evidence of unauthorized access to MongoDB Atlas clusters or the authentication system.
  • While MongoDB noticed a high number of login attempts on Atlas and its Support Portal over a period of time, the company did not attribute this activity to the incident.
  • The attack on MongoDB was a phishing attack that involved the use of Mullvad VPN. MongoDB has shared specific indicators of compromise (IOCs), including the associated IP addresses.

Response from MongoDB

After acknowledging the incident on December 16, MongoDB initiated its incident response process and has provided consistent updates, demonstrating a commitment to transparency. Regular communication keeps users informed of the ongoing investigation.

In light of the security breach, MongoDB recommends that all customers remain vigilant against social engineering and phishing attacks. Additionally, they should enforce phishing-resistant multi-factor authentication (MFA) and regularly rotate their MongoDB Atlas passwords.

Please find below the key information in MongoDB’s latest updates on December 18:

  • No Signs of Unauthorized Access: MongoDB has not found any evidence of unauthorised access to MongoDB Atlas clusters or the authentication system.
  • Ongoing Investigation: MongoDB is collaborating with authorities and commits to updating users as the investigation progresses.
  • Indicators of Compromise (IOCs): MongoDB has shared specific IOCs related to the phishing attack, including the use of Mullvad VPN with associated IP addresses. Accordingly, users should check their networks for any suspicious activity.

About MongoDB

MongoDB Inc. is an American software company that develops and provides commercial support for the source-available NoSQL database MongoDB. MongoDB is a cross-platform document-oriented database program that uses JSON-like documents with optional schemas.

It has gained wide adoption among developers and is used in various industries. Notably, it has tens of thousands of customers in over 100 countries.

Closing Points

The investigation into the MongoDB security breach is ongoing, and there may be further updates as it progresses. It is therefore crucial for organisations using MongoDB to closely monitor updates and take prompt action based on the information provided.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.
