Information Security News mailing list archives

MongoDB support firm says intruders may have accessed databases


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 30 Oct 2013 06:40:20 +0000 (UTC)

http://www.networkworld.com/news/2013/103013-mongodb-support-firm-says-intruders-275395.html

By Jeremy Kirk
IDG News Service
October 29, 2013

MongoHQ, which provides hosting and support for the open-source Mongo database, said attackers may have accessed several of its customers' databases earlier this week.

On Monday, someone accessed an internal support application using a password that had been used for a compromised personal account, wrote Jason McCay, MongoHQ's founder.

The support application contains connection information for customer MongoDB instances, along with lists of databases, email addresses and user credentials hashed with bcrypt, a file encryption tool, McCay wrote. An audit showed that several databases may have been accessed via that support application.

"We believe we have exhausted the scope of this compromise and are directly contacting all affected customers," McCay wrote. "We are continuing to evaluate our audit logs and conducting further investigations with the help of third-party experts."

[...]


