Tell HN: MongoDB Security Notice Update
2 comments
3 days ago they sent me an email informing me about the security issue.
What caused me confusion is that I have deleted my account a couple of years ago, which means there are two possible scenarios here: 1) either they lied to me that they have deleted my account or 2) they have indeed deleted my account BUT they rollback old backups that my account was part of it.
If #2 indeed took place, the real question is this: why have you even retained old backups with accounts that no longer exist?!
What caused me confusion is that I have deleted my account a couple of years ago, which means there are two possible scenarios here: 1) either they lied to me that they have deleted my account or 2) they have indeed deleted my account BUT they rollback old backups that my account was part of it.
If #2 indeed took place, the real question is this: why have you even retained old backups with accounts that no longer exist?!
MongoDB employee posting:
Out of an abundance of caution, we cast a wide net and contacted all current and past MongoDB users, including those that may have closed their MongoDB Atlas Projects. If you would like to have your contact information completely deleted from our systems, please file a GDPR deletion request: https://www.mongodb.com/legal/privacy-policy/request-for-del...
You can reach out to me directly for assistance with this, if needed. My email is my first name at mongodb dot com.
Out of an abundance of caution, we cast a wide net and contacted all current and past MongoDB users, including those that may have closed their MongoDB Atlas Projects. If you would like to have your contact information completely deleted from our systems, please file a GDPR deletion request: https://www.mongodb.com/legal/privacy-policy/request-for-del...
You can reach out to me directly for assistance with this, if needed. My email is my first name at mongodb dot com.
"We continue to find no evidence of unauthorized access to MongoDB Atlas clusters or the Atlas cluster authentication system. Our investigation and work with the relevant authorities is ongoing. MongoDB will update this alert page with pertinent information as we further investigate the matter.
At this time, as a result of our investigation in collaboration with outside experts, we have high confidence that we were victims of a phishing attack. Through our investigation, we have identified certain information that may be helpful to protect yourself against a potential attack by this unauthorized party:
Indicators of Compromise (IOCs)
The unauthorized party used the Mullvad VPN. Mullvad has many external IP addresses, and there are many VPNs that can be used to hide an IP address. In this case, we saw malicious activity coming from the following IP addresses: 107.150.22.47 138.199.6.199 146.70.187.157 179.43.189.85 185.156.46.165 198.44.136.69 198.44.136.71 198.44.140.133 198.44.140.199 199.116.118.207 206.217.205.88 66.63.167.152 66.63.167.154 87.249.134.10 96.44.191.132 We recommend using the above information to search your networks for suspicious activity. We are committed to being as transparent in this process as we can and providing information so you can assess risk in your network.
In regards to our previous guidance, here are instructions on how to enable phishing-resistant MFA on MongoDB’s native cloud authentication service. MongoDB Cloud also supports federating your identity from your IDP, please see here.
We have fielded questions from some customers about the authenticity of the e-mail titled: MongoDB Security Notice that our Chief Information Security Officer, Lena Smart, sent over the weekend from [email protected]. We can confirm that this email is legitimate."
https://www.mongodb.com/alerts