MongoDB, Inc. Incident Report - 2023-12-16

Page last updated on March 1, 2024

A potential incident was reported for MongoDB, Inc. on 2023-12-16.

Company Summary

MongoDB is a next-generation database that helps businesses transform their industries by harnessing the power of data. (Source: Crunchbase)

Material Incident Disclosed?

A Material Cybersecurity Incident 8-K has not been filed.

Incident Report

2023-12-16

MongoDB is actively investigating a security incident involving unauthorized access to certain MongoDB corporate systems, which includes exposure of customer account metadata and contact information. We detected suspicious activity on Wednesday (Dec. 13th, 2023) evening US Eastern Standard Time, immediately activated our incident response process, and believe that this unauthorized access has been going on for some period of time before discovery. At this time, we are not aware of any exposure to the data that customers store in MongoDB Atlas. Nevertheless, we recommend that customers be vigilant for social engineering and phishing attacks, activate phishing-resistant multi-factor authentication (MFA), and regularly rotate their MongoDB Atlas passwords. MongoDB will update this alert page with additional information as we continue to investigate the matter.
Source: MongoDB Blog - posted by Andrew Hoog at 2024-03-01 09:53:57 EST

2023-12-20

We continue to find no evidence of unauthorized access to MongoDB Atlas clusters or the Atlas cluster authentication system.

Although our investigation remains ongoing, today we’re sharing additional information regarding the contact information and related account metadata that we have identified as having been exposed. The tables below show the relevant fields.
Source: MongoDB Blog - posted by Andrew Hoog at 2024-03-01 09:56:20 EST

2024-01-23

Post event summary.
Source: MongoDB Blog - posted by Andrew Hoog at 2024-03-01 09:59:38 EST

Company Information