Database management giant MongoDB says it is investigating a security incident that resulted in the exposure of some customer information.
New York-based MongoDB helps more than 46,000 companies, including Adobe, eBay, Verizon and the UK Department for Work and Pensions, manage their databases and massive data warehouses, according to its website. The company’s offerings include its open source database hosted by MongoDB and its Atlas database-as-a-service offering.
In an announcement published late Saturday, MongoDB said it is actively investigating a “security incident involving unauthorized access to certain MongoDB enterprise systems, which included exposure of customer account metadata and contact information.”
MongoDB said it first detected suspicious activity on Wednesday, but noted that “the unauthorized access had been ongoing for some time prior to discovery.” It is not known how long the hackers had access to MongoDB’s systems. MongoDB CISO Lena Smart declined to say when asked by TechCrunch.
In an update published Sunday, MongoDB said it does not believe the hackers accessed customer data stored in MongoDB Atlas, the company’s hosted database.
However, the company confirmed that it is “aware” that hackers accessed some of its corporate systems that contained customer names, phone numbers, email addresses and other unspecified customer account metadata.
For one customer, that included system logs, MongoDB said. System logs can contain information about the operation of a database or the underlying system. CISO Smart said that customer was notified and that it “found no evidence that other customers’ system logs were accessed.”
It’s unclear what technical evidence — such as its own logs — MongoDB has to detect malicious activity on its network.
MongoDB declined to say how many customers might be affected by the compromise of its corporate systems. It is not yet known how and when the company was breached, which corporate systems were accessed or whether it has notified the US Securities and Exchange Commission. From 18 December, organizations must disclose “material” cyber security incidents to the regulator within four days of discovery.
MongoDB recommends that customers remain vigilant for social engineering and phishing attacks and enable phishing-resistant multi-factor authentication on their accounts, which the company does not require customers to use by default.
The company noted over the weekend that it was “experiencing a spike in login attempts resulting in issues for customers trying to login to Atlas and our Support Portal,” but said this was not related to the security incident.