Hackers Infiltrate Database as a Service Firm MongoHQ

Cloud-based database service MongoHQ said on Tuesday that attackers had gained access to an internal, employee-facing support application, resulting in customer accounts and database instances being exposed. According to the company, one tool accessed by the attacker(s) lets MongoHQ support staff “impersonate” a customer, accessing the web interface as if they were logged in as that customer.

The company said the intrusion was detected on October 28, 2013, and that an attacker was using a password obtained due to a compromised personal account.

“We’ve conducted an audit of direct access to customer databases and determined that several databases may have been accessed using information stored in our account database,” Jason McCay, Founder and CEO of MongoHQ, warned in a security notice on Tuesday.

“We are contacting affected customers directly. If you have not heard from us individually, there is no evidence that your DB was accessed by an unauthorized user,” McCay continued.

According to its website, the company’s platform processes more than 6 billion MongoDB operations every day.

In response to the breach, the company said that all MongoHQ employee accounts, including email, network devices, and internal applications, have been locked out and are being re-enabled only after a credential reset and audit.

Furthermore, the company said its employee-facing support applications are now locked down, with some components currently disabled completely.

McCay said the affected applications would not be re-enabled until the company has enforced two-factor authentication, made access to the applications only available through VPN connections, and implemented a system of graduated permissions that have been tested thoroughly.

In addition to describing the events in more detail, the company provided additional advice for customers on steps to take in order to best protect their assets, including changing database passwords and checking their database and MongoHQ account for unused, expired, or invalid usernames.

This attack is yet another example of attackers leveraging privileged accounts to successfully compromise an organization.

Theft, misuse, and exploitation of privileged accounts is a key tactic in each phase of APTs and other targeted attack campaigns, according to a report from CyberSheath released earlier this year. 

According to Verizon’s 2013 Data Breach Investigation Report, 76 percent of network intrusions exploited weak or stolen credentials.

“Security needs to start with identifying and securing every one of these powerful accounts and automating the controls around them,” John Worrall, CMO of Cyber-Ark, said previously.

MongoHQ did not say how many customer accounts were affected.

Related Reading: Attackers Capitalizing On Poorly Managed Privileged Accounts

Related Reading: Privileged Accounts Play Key Role in Advanced Cyber Attacks

Related Reading: Stolen Login Credentials, Poor Security Practices Led to South Carolina Data Breach

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
