[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] MongoDB support firm says intruders may have accessed databases
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2013-10-30 6:40:20
Message-ID: alpine.DEB.2.02.1310300640060.11295 () infosecnews ! org
[Download RAW message or body]

http://www.networkworld.com/news/2013/103013-mongodb-support-firm-says-intruders-275395.html

By Jeremy Kirk
IDG News Service
October 29, 2013

MongoHQ, which provides hosting and support for the open-source Mongo 
database, said attackers may have accessed several of its customers' 
databases earlier this week.

On Monday, someone accessed an internal support application using a 
password that had been used for a compromised personal account, wrote 
Jason McCay, MongoHQ's founder.

The support application contains connection information for customer 
MongoDB instances, along with lists of databases, email addresses and user 
credentials hashed with bcrypt, a file encryption tool, McCay wrote. An 
audit showed that several databases may have been accessed via that 
support application.

"We believe we have exhausted the scope of this compromise and are 
directly contacting all affected customers," McCay wrote. "We are 
continuing to evaluate our audit logs and conducting further 
investigations with the help of third-party experts."

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
[prev in list] [next in list] [prev in thread] [next in thread]