SecurityWeek

Cloud Security

MongoHQ Adds New Security Features in Response to Breach

After experiencing an attack last year that exposed customer accounts and database instances at cloud-based database service MongoHQ, the company on Tuesday said that it has added new security features, including the ability for customers to control and see who accesses their account, along with two-factor authentication and security auditing tools.

In October 2013, the database hosting company discovered that attackers had gained access to an internal, employee-facing support application, which resulted in customer accounts and database instances being exposed. One tool accessed by the attacker(s) let MongoHQ support staff “impersonate” customers, accessing a web interface as if they were logged in as a customer.

“We’re excited to announce these new security features today and highlight the steps we’ve taken to help our customers manage their security,” said Kurt Mackey, co-founder of MongoHQ.

“This security package provides our customers with the tools needed to better manage and monitor access to their database configuration tools.”

“These new security features give MongoHQ’s customers a heightened level of control over access to the application used to manage their database,” the company said in a statement. “Additionally, new open source features address the ongoing issue of security within the cloud and allow MongoHQ to provide enhanced security tools to startups that may not otherwise have access.”

Details of the new security features include:

Security Auditing – A new tool that allows database owners to see any login activity and changes through the MongoHQ web user interface in real time. This provides developers with the ability to oversee who is accessing their account and monitor sensitive application features, allowing them to address suspicious activity early.

Two-Factor Authentication – Allows users to add an extra layer of security to their login details. In addition, account owners can require two-factor authentication for all users on their account.

Open Source Security Features – As part of the new security package, MongoHQ is releasing its two-factor authentication service as open source to help other startups implement two-factor authentication. The tool, known as Authful, was developed in-house and underwent a security audit from Matasano.

Along with the new security features, the company published The MongoHQ Security Handbook, a guide that provides best practices for internal security policy, specifically designed for startups.

MongoHQ offers a fully managed end-to-end platform for developers looking to deploy, host and scale MongoDB databases and boasts over 35,000 current users with customers across the world.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
