Month: December 2023

Posted on mongodb google news. Visit mongodb google news

Database management company MongoDB has suffered a breach: attackers have gained access to some of its corporate systems and customer data and metadata. The corporate systems accessed by the attackers contain customer names, phone numbers, and email addresses and system logs for one customer. With personal data being exposed, customers should keep an eye on any suspicious activity involving their accounts.

Read more: https://www.helpnetsecurity.com/2023/12/18/mongodb-breach/

Article originally posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

MongoDB says hackers had access to certain corporate systems “for some period of time before discovery” and stole a customer’s system logs, as it reported a cybersecurity breach this week, in an evolving story.

Article originally posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

MDB stock traded lower Monday after database software company MongoDB (MDB) said it was investigating a security incident involving unauthorized access to some of its internal corporate systems.

In an alert posted late Friday, MongoDB told customers it was “actively investigating a security incident involving unauthorized access to certain MongoDB corporate systems, which includes exposure of customer account metadata and contact information.”

The company said in a subsequent update that it had not identified any security vulnerability in its MongoDB database products. The MongoDB Atlas product used by customers has a separate authentication system from its corporate system, the company alert said.

But the company said it is aware of “unauthorized access to some corporate systems.” Those systems include customer names, phone numbers and email addresses. For one customer, MongoDB said it uncovered unauthorized access to system logs. MongoDB said the company notified that customer.

“At this time, we are not aware of any exposure to the data that customers store in MongoDB Atlas,” the company said in a Saturday alert. “Nevertheless, we recommend that customers be vigilant for social engineering and phishing attacks, activate phishing-resistant multifactor authentication, and regularly rotate their MongoDB Atlas passwords”

On the stock market today, MDB stock shed 1.5% to 413.89 in recent trades.

MDB Stock: Company Says Investigation Ongoing

Further, MongoDB said it is still investigating the incident and “working with relevant authorities.” It first detected suspicious activity on Dec. 13.

MongoDB provides database software for more than 46,000 customers, according to its website.

Meanwhile, MDB stock has been on the rise this year. Shares have gained 113% heading into trading Monday. The action early Monday pushed MDB stock below a cup-with-handle entry point of 412.67, according to MarketSmith. Shares had pushed past that point late last month.

YOU MAY ALSO LIKE:
Is Consumption-Based SaaS Pricing Back In Favor With Investors?

MongoDB Posts 30% Sales Jump And Earnings Beat But Shares Slide

How To Research Growth Stocks: Why This IBD Tool Simplifies The Search For Top Stocks

Looking For The Next Big Stock Market Winners? Start With These 3 Steps

Join IBD Live For Stock Ideas Each Morning Before The Open

Article originally posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

News Home

Monday, December 18, 2023 08:53 AM | InvestorsObserver Analysts

Mentioned in this article

Mongodb Inc (MDB) is down -1.71%% today.

MDB has an Overall Score of 70. Find out what this means to you and get the rest of the rankings on MDB!

MDB stock closed at $420.17 and is down -$7.17 during pre-market trading. Pre-market tends to be more volatile due to significantly lower volume as most investors only trade between standard trading hours.

MDB has a strong overall score of 70 meaning the stock holds a better value than 70% of stocks at its current price. InvestorsObserver’s overall ranking system is a comprehensive evaluation and considers both technical and fundamental factors when evaluating a stock. The overall score is a great starting point for investors that are beginning to evaluate a stock.

MDB gets a average Short-Term Technical score of 60 from InvestorsObserver’s proprietary ranking system. This means that the stock’s trading pattern over the last month have been neutral. Mongodb Inc currently has the 50th highest Short-Term Technical score in the Software – Infrastructure industry. The Short-Term Technical score evaluates a stock’s trading pattern over the past month and is most useful to short-term stock and option traders.

Mongodb Inc’s Overall and Short-Term Technical score paint a mixed picture for MDB’s recent trading patterns and forecasted price.

Click Here To Get The Full Report on Mongodb Inc (MDB)

Share this article:

Stay In The Know

Subscribe to our daily morning update newsletter and never miss out on the need-to-know market news, movements, and more.

Thank you for signing up! You’re all set to receive the Morning Update newsletter

Related Articles

• Monday, December 18, 2023 09:40 AM | InvestorsObserver Analysts

• Monday, December 18, 2023 09:38 AM | InvestorsObserver Analysts

• Monday, December 18, 2023 09:36 AM | InvestorsObserver Analysts

• Monday, December 18, 2023 09:35 AM | InvestorsObserver Analysts

• Monday, December 18, 2023 09:04 AM | InvestorsObserver Analysts

• Monday, December 18, 2023 09:00 AM | InvestorsObserver Analysts

You May Also Like

Article originally posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

Customer contact info stolen from MongoDB, more stringent American cyber attack reporting rules start today.

Welcome to Cyber Security Today. It’s Monday, December 18th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

This is a notable day if you’re a publicly traded company in the U.S. Most companies now have to file a notice of a data breach to the Securities and Exchange Commission within four business days of determining the attack many have a material impact on the company. Smaller companies have to start filing next June 15th. Firms can ask the FBI for a delay in filing if disclosure poses a substantial risk to national security or public safety.

Companies that operate in Utah should note that the state’s new data privacy law comes into effect on December 31st. The law requires businesses to implement data security practices to protect users’ confidentiality. It gives consumers the right to tell firms to stop using their data in advertising. It’s also the first U.S. state to give social media privacy rights to children. Utah is the fourth state to enact a comprehensive consumer data protection law.

Meanwhile, in California browser makers like Google, Microsoft and Apple and firms that do business online may see their personal data collection limited. The California Privacy Protection Agency has voted to ask the legislature for a new law. It would require browser vendors to give California residents the ability to forbid any business from selling or sharing the personal data they collect. That’s right: Instead of having to find an option on every website a user goes to, every browser would have a button or setting to check that limits personal data collection by anyone. Any firm the user connects to by a browser would have to obey the opt-out preference. That opt-out data collection option for firms came into effect under California’s new Consumer Privacy Act. However, so far only a limited number of browsers including Firefox, DuckDuckGo and Brave have a browser opt-out preference. The proposed new law would broaden that.

Administrators who oversee a MongoDB database are being warned to watch for signs of attack. This comes after the developer last week spotted an unauthorized access to MongoDB’s corporate IT systems. What the hacker might have seen is customer account metatdata and related contact information. The access had been going on for some time. So far there’s no evidence that any customer data stored in the Atlas developer platform has been copied. However, to be on the safe side users and administrators should watch for social engineering and phishing attacks that may appear to come from MongoDB. If they haven’t done so by now administrators should activate phishing-resistant multifactor authentication.

The PyPI website for publishing open-source Python projects continues to be abused by threat actors. The latest example comes from security researchers at ESET, who recently discovered 116 malicious packages with malware aimed at Windows and Linux systems. The final payload is data-stealing malware. I’ve said this several times before: Developers have to be careful before downloading anything from open-source project repositories like PyPI, NPM, GitHub and others. Often malicious projects have similar names to legitimate packages to fool victims.

The U.S. Cybersecurity and Infrastructure Security Agency has again urged hardware and software manufacturers to stop putting default passwords in their products. This comes after recent warnings that an Iranian-backed group is compromising critical infrastructure providers by learning of devices with default passwords on IT networks. Any default password that can be found in an instruction manual is gold for a threat actor. Stupid default passwords like ‘1234’, ‘default’ and ‘password’ are the first thing attackers will try even if they haven’t seen a manual. What makes things worse is if the product is used in operational technology networks in utilities or manufacturing plants. Hoping IT or OT administrators will change default passwords when a new product is installed isn’t working. Only action by product manufacturers will solve this problem.

Including a software bill of materials in applications is a smart way of helping IT managers understand what’s in their software and whether components — particularly open-source modules — need to be updated. Components like, for example Apache Log4j. As I reported last week, North Korea’s Lazarus group is hunting for and finding applications whose Log4j components haven’t been patched. But how do you create a software bill of goods? Well, last week guidance on how to do that was released by the U.S. National Security Agency. It’s not only developers that need to create a list of what’s inside their applications. Software buyers should pressure their vendors to do it. Knowing what’s in the applications you use helps mitigate cyber risk.

Finally, someone is stocking YouTube with pro-China and anti-U.S. videos propaganda. That’s according to the Australian Strategic Policy Institute. In a paper the institute says the videos have attracted an unusually large audience with themes such as how China is trying to win what video narrators says is the ‘U.S.-China technology war. Those narrators are voice-overs generated by artificial intelligence. The institute calls this campaign Shadow Play, and says it started in the middle of last year. The campaign includes a network of at least 30 YouTube channels that have produced more than 4,500 videos. So far they have had 120 million views. The report says that since being advised Google has taken down 19 of the YouTube channels because they were either created by phony people or were spam.

Follow Cybersecurity Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Article originally posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

Stay informed about MongoDB’s response to unauthorized access in certain corporate systems, involving exposure of customer data like names, phone numbers, and email addresses.

In a recent update regarding the security incident at MongoDB, the company has released information that as of 9:00 PM EST on December 17, 2023, there is no evidence of unauthorized access to MongoDB Atlas clusters.

MongoDB’s Chief Information Security Officer (CISO), Lena Smart, assured users that no security vulnerabilities have been identified in any MongoDB product as a result of the incident.

The security breach, initially detected on December 13, 2023, and exclusively reported by Hackread.com, involved unauthorized access to certain MongoDB corporate systems, leading to the exposure of customer account metadata and contact information. However, MongoDB now confirms that their investigation has found no indication that the authentication system for MongoDB Atlas clusters has been compromised.

The MongoDB Atlas cluster access is authenticated through a separate system from MongoDB corporate systems. This segregation of systems ensures an additional layer of security for customer data stored in MongoDB Atlas, and the company emphasizes that no evidence of compromise has been identified in this crucial authentication process.

“To be clear, we have not identified any security vulnerability in any MongoDB product as a result of this incident,” the company restated.

The accessed corporate systems contained customer names, phone numbers, email addresses, and other customer account metadata. MongoDB has taken steps to notify the affected customers promptly. Notably, the company has identified system logs access for one customer, but no evidence suggests that the system logs of any other customers were compromised.

The investigation into the security incident is ongoing, and MongoDB is actively collaborating with relevant authorities and forensic firms to gather further insights. The company has committed to keeping its users informed by updating the alert page with additional information as the investigation progresses.

MongoDB encourages users to remain vigilant for potential social engineering and phishing attacks, especially given the accessed customer account metadata and contact information. As a precautionary measure, MongoDB advises all customers, if not already implemented, to activate phishing-resistant multi-factor authentication (MFA) and regularly rotate passwords.

MongoDB users are urged to be watchful for phishing emails that may falsely claim to originate from the company, claiming to provide new updates. However, the actual motive could be to exploit the situation and attempt to steal user data.

RELATED ARTICLES

1. 47% of online MongoDB databases hacked demanding ransom
2. 11 million personal unprotected MongoDB records leaked online
3. Ride-hailing app leaks data of millions of Iranians from MongoDB
4. Unprotected MongoDB leaks resume of 202M Chinese job seekers
5. Hackers leave ransom note after wiping out MongoDB in 13 seconds

Article originally posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

MongoDB has revealed that threat actors gained unauthorized access to corporate systems, warning users that some information may have been exposed in the incident.

In an alert to customers last week, the open source database host said it first detected suspicious activity on 13th December. A subsequent investigation found a suspected data breach had been ongoing for “some period of time before discovery”.

Exact details on the scale or severity of the breach are still to be determined.

However, MongoDB acknowledged that threat actors gained access to customer information. This included access to customer names, phone numbers, and various other contact details.

“We are aware of unauthorized access to some corporate systems that contain customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer. We have notified the affected customer,” MongoDB said.

The organization sought to further calm customer concerns, adding that it has found “no evidence that any customers’ system logs were accessed”.

MongoDB data breach: Atlas clusters are safe

In the immediate wake of the breach notification, concerns arose that threat actors may have gained access to MongoDB Atlas cloud clusters. 

The database management firm said a probe over the weekend found no evidence of unauthorized access to the clusters, however. This is because MongoDB Atlas cluster access is authenticated via a separate system from corporate systems, the firm added.

Furthermore, MongoDB insisted that no products across its portfolio have been impacted.

“At this time, we have found no evidence of unauthorized access to MongoDB Atlas clusters,” it said. “To be clear, we have not identified any security vulnerability in any MongoDB product as a result of this incident.”

Customers still advised to remain vigilant

While MongoDB’s full investigation into the incident remains ongoing, the firm recommended that customers “be vigilant for social engineering and phishing attacks” due to the exposure of contact information. 

The firm advised customers to activate phishing-resistant, multi-factor authentication techniques.

It also recommended users “regularly rotate their MongoDB Atlas passwords”.

What is MongoDB?

Created in 2007, MongoDB is a document-oriented database which lends itself to scalability and flexibility. 

The team who created it, formerly of DoubleClick, helped foster a new way of thinking about databases – by electing to use JSON documents organized into collections, they were able to make database access and complexity a lot easier for consumers. 

The advantage of this system is that, unlike in a relational database, a predefined database schema is optional. This means that data structures can be changed quickly without recourse to complex database migrations.

From a customer perspective this system is also handy, as it allows frequently accessed data to be stored in the same place, thus making read operations particularly fast.

Article originally posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

Database management company MongoDB has suffered a breach: attackers have gained access to some of its corporate systems and customer data and metadata.

The MongoDB breach

“We detected suspicious activity on Wednesday (Dec. 13th, 2023) evening US Eastern Standard Time, immediately activated our incident response process, and believe that this unauthorized access has been going on for some period of time before discovery,” the company said on Saturday.

On Sunday, MongoDB noted that, at this time, they “have found no evidence of unauthorized access to MongoDB Atlas clusters“, not that the Atlas cluster authentication system – which is separate from MongoDB corporate systems – has been compromised.

What was compromised?

The corporate systems accessed by the attackers contain customer names, phone numbers, and email addresses (among other customer account metadata) and system logs for one customer.

“We have notified the affected customer. At this time, we have found no evidence that any other customers’ system logs were accessed,” they added.

The company also noted on Saturday that there has been a spike in login attempts on that day, which caused login issues for customers trying to access Atlas and the Support Portal, but clarified this was not related to the security incident.

Advice to affected customers

With personal data being exposed, customers should keep an eye on any suspicious activity involving their accounts.

They are urged to:

• Be on the lookout for social engineering and phishing attacks
• Enable multi-factor authentication (MFA)
• Change MongoDB Atlas passwords frequently

The investigation into the incident is still ongoing. As the company suspects that the attackers have had access to the systems “for some period of time before discovery”, it’s likely that scope of the breach will widen.

Article originally posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

Founded in 2007 by Dwight Merriman, Eliot Horowitz and Kevin Ryan, MongoDB is a US-based company that created the popular open-source NoSQL database management system of the same name.

MongoDB disclosed on Saturday that it first detected anomalous activity on its systems on 13th December, prompting the firm to swiftly activate its incident response procedure.

The breach resulted in the exposure of customer account metadata and contact information, marking a significant cybersecurity challenge for the company.

“We are aware of unauthorized access to some corporate systems that contain customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer,” MondoDB said in a security incident notification.

However, data stored in MongoDB Atlas, the company’s cloud-based database service, appears not to have been affected.

“It is important to note that MongoDB Atlas cluster access is authenticated via a separate system from MongoDB corporate systems, and we have found no evidence that the Atlas cluster authentication system has been compromised,” the company said.

The investigation is currently underway, and MongoDB says it is working with relevant authorities and forensic experts.

Despite the ongoing investigation, it is currently unclear how long the unauthorised access persisted and what specific systems were compromised during the cyberattack. However, the company has acknowledged that the unauthorised access had been ongoing for some time before its discovery.

In an update provided by MongoDB on 16^th December, MongoDB said it noticed a recent spike in login attempts.

This spike resulted in access issues for some customers attempting to log in to MongoDB Atlas and the Support Portal. However, the company clarified that this increased activity is unrelated to the security incident under investigation.

MongoDB compromised pic.twitter.com/AhU5VdsEud

— vx-underground (@vxunderground) December 16, 2023

MongoDB CISO Lena Smart issued an email to the company’s customers, cautioning them against potential social engineering and phishing threats.

The company advises the implementation of multi-factor authentication (MFA) and the regular rotation of passwords as precautionary measures to enhance security.

Users are also encouraged to stay informed through MongoDB’s official channels for the latest developments and adhere to the recommended security practices to safeguard their data.

Article originally posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

Article originally posted on mongodb google news. Visit mongodb google news