Hackers Infiltrate Database as a Service Firm MongoHQ

Cloud-based database service MongoHQ said on Tuesday that attackers had gained access to an internal, employee-facing support application, resulting in customer accounts and database instances being exposed. According to the company, one tool accessed by the attacker(s) lets MongoHQ support staff “impersonate” a customer, accessing the web interface as if they were logged in as that customer.

The company said the intrusion was detected on October 28, 2013, and that an attacker was using a password obtained through a compromised personal account.

“We’ve conducted an audit of direct access to customer databases and determined that several databases may have been accessed using information stored in our account database,” Jason McCay, founder and CEO of MongoHQ, warned in a security notice on Tuesday.

“We are contacting affected customers directly. If you have not heard from us individually, there is no evidence that your DB was accessed by an unauthorized user,” McCay continued.

According to its website, the company’s platform processes more than 6 billion MongoDB operations every day.

In response to the breach, the company said that all MongoHQ employee accounts, including email, network devices, and internal applications, have been locked out and are being re-enabled only after a credential reset and audit.

Furthermore, the company said its employee-facing support applications are now locked down, with some components currently disabled completely.

McCay said the affected applications would not be re-enabled until the company has enforced two-factor authentication, made access to the applications only available through VPN connections, and implemented a system of graduated permissions that have been tested thoroughly.

In addition to describing the events in more detail, the company provided additional advice for customers on steps to take in order to best protect their assets, including changing database passwords and checking their database and MongoHQ account for unused, expired, or invalid usernames.

This attack is yet another example of attackers leveraging privileged accounts to successfully compromise an organization.

Theft, misuse, and exploitation of privileged accounts is a key tactic in each phase of APTs and other targeted attack campaigns, according to a report from CyberSheath released earlier this year. 

According to Verizon’s 2013 Data Breach Investigation Report, 76 percent of network intrusions exploited weak or stolen credentials.

“Security needs to start with identifying and securing every one of these powerful accounts and automating the controls around them,” John Worrall, CMO of Cyber-Ark, said previously.

MongoHQ did not say how many customer accounts were affected.

Related Reading: Attackers Capitalizing On Poorly Managed Privileged Accounts

Related Reading: Privileged Accounts Play Key Role in Advanced Cyber Attacks

Related Reading: Stolen Login Credentials, Poor Security Practices Led to South Carolina Data Breach

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.
