MongoDB, the company behind the same-titled cross-platform document management platform confirmed on Saturday that they had been the victim on a security breach which has exposed customer data.

In a security notice posted on Saturday morning, the company announced that they had detected unauthorised access to certain MongoDB corporate systems on Wednesday (13th December) and had been working to contain the breach.

In an update a few hours later the company addressed customer concerns that a DDoS was also taking place, but in fact was the result of many customers frantically logging on to check their own data.

Yesterday (17th), the company issued an update to the investigations taking place in to the breach to assure customers that no access to MongDB Atlas clusters appear to have occured, and that no vulnerabilities in MongoDB systems have been discovered – it seems that the attack originated as an attack on corporate staff members and not via customer-facing systems.

What is MongoDB?

MongoDB is an open-source, cross-platform document-orientated collaboration platform which allows for organisations to very effectively manage large collections of documents via its NoSQL (Not Only SQL) database management system.

Instead of using the traditional tables and rows as in a relational database, MongoDB uses an architecture made up of collections and documents.

Documents are made up of Key-value pairs, and collections (the equivalent of a SQL table), contain document sets.

A typical MongoDB document would look something like this:

var mydoc = {
            _id: ObjectId("5099803df3f4948bd2f98391"),
            name: { first: "Alan", last: "Turing" },
            birth: new Date('Jun 23, 1912'),
            death: new Date('Jun 07, 1954'),
            contribs: [ "Turing machine", "Turing test", "Turingery" ],
            views : NumberLong(1250000)
}

A collection would be a set of documents of similar types:

For effective data manipulation in a mongoDB database, MongoDB offers support for many programming languages, such as C, C++, C#, Go, Java, Python, Ruby and Swift.

There are a number of products available from MondoBD:

  • MongoDB – The original database system, run on premise
  • MongoDB Stitch – A Backend-as-a-Service system which uses APIs for inter-app connectivity
  • MongoDB Atlas – A cloud-hosted MondoDB solution
  • MongoDB Mobile – An app to integrate with mobile platforms

Related Articles

(19-02-23) Blog 50 – RCE – What is it? and why is it dangerous?
365 days of blogs / December

(19-02-23) Blog 50 – RCE – What is it? and why is it dangerous?

Mark
(15/12/23) Blog 349 – Joint security advisory released for JetBrains TeamCity CVE – targeted by Fancy Bear
365 days of blogs / December

(15/12/23) Blog 349 – Joint security advisory released for JetBrains TeamCity CVE – targeted by Fancy Bear

Mark
(13/09/23) Blog 256 – A hard lesson in cyber security
365 days of blogs / December

(13/09/23) Blog 256 – A hard lesson in cyber security

Mark
(07/04/23) Blog 97 – Happy Easter!
365 days of blogs / December

(07/04/23) Blog 97 – Happy Easter!

Mark
(28/06/23) Blog 179 – Op Venetic – update on statistics
365 days of blogs / December

(28/06/23) Blog 179 – Op Venetic – update on statistics

Mark