MongoHQ, the company behind the MongoDB services, has reported that hackers may have accessed several of their customers’ databases this week. Someone accessed an internal support application using a password that has been used for a compromised personal account said MongoHQ founder Jason McCay in a notice.
The support application contains connection information for customer MongoDB instances along with a list of databases, e-mail addresses, and user credentials that are hashed with file encryption tool crypt. According to an audi, several databases may have been accessed through a support application.
“We believe we have exhausted the scope of this compromise and are directly contacting all affected customers,” stated McCay. “We are continuing to evaluate our audit logs and conducting further investigations with the help of third-party experts.”
MongoHQ invalidated credentials like IAM (Identity and Access Management) keys that they stored for customers using Amazon Web Services (AWS) for backups. MongoHQ notified AWS of the accounts that may have been affected. AWS is offering Premium Support for organizations that need new credentials.
MongoHQ offers services to let developers manage NoSQL Mongo databases for their applications.
MongoHQ is modifying their system to encrypt and decrypt data at the application level, which could mitigate possible damage from the same hack. MongoHQ also hired a security consulting company to do a penetration test of its application stack, according to ComputerWorld.