[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] MongoDB support firm says intruders may have accessed databases
From: InfoSec News <alerts () infosecnews ! org>
Date: 2013-10-30 6:40:20
Message-ID: alpine.DEB.2.02.1310300640060.11295 () infosecnews ! org
[Download RAW message or body]
http://www.networkworld.com/news/2013/103013-mongodb-support-firm-says-intruders-275395.html
By Jeremy Kirk
IDG News Service
October 29, 2013
MongoHQ, which provides hosting and support for the open-source Mongo
database, said attackers may have accessed several of its customers'
databases earlier this week.
On Monday, someone accessed an internal support application using a
password that had been used for a compromised personal account, wrote
Jason McCay, MongoHQ's founder.
The support application contains connection information for customer
MongoDB instances, along with lists of databases, email addresses and user
credentials hashed with bcrypt, a file encryption tool, McCay wrote. An
audit showed that several databases may have been accessed via that
support application.
"We believe we have exhausted the scope of this compromise and are
directly contacting all affected customers," McCay wrote. "We are
continuing to evaluate our audit logs and conducting further
investigations with the help of third-party experts."
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic