MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week.
In emails sent to MongoDB customers from CISO Lena Smart, the company says they detected their systems were hacked on Wednesday evening (December 13th) and started investigating the incident.
“MongoDB is investigating a security incident involving unauthorized access to certain MongoDB corporate systems,” reads the email from MongoDB.
“This includes exposure of customer account metadata and contact information. At this time, we are NOT aware of any exposure to the data that customers store in MongoDB Atlas.”
The company does not believe the hackers accessed any customer data stored in MongoDB Atlas. However, MongoDB says the threat actors had access to its systems for some time before they were discovered.
“We are still conducting an active investigation and believe that this unauthorized access has been going on for some period of time before discovery,” reads the security incident notification.
Unfortunately, data theft usually occurs in breaches like this, where a threat actor has had persistent access for long periods.
As customer metadata was exposed, MongoDB recommends all customers enable multi-factor authentication on their accounts, rotate passwords, and be vigilant against potential targeted phishing and social engineering attacks.
BleepingComputer reached out to MongoDB to learn more about the exposed data and how the breach occurred, but a response was not immediately available.
This is a developing story.