MongoDB says hackers accessed corporate systems containing customer info

Hackers infiltrated the systems of billion-dollar software giant MongoDB and accessed customer information during a recent cybersecurity incident, the company said over the weekend.

MongoDB is “aware of unauthorized access to some corporate systems that contain customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer,” it said in a notice on Sunday.

“We have notified the affected customer. At this time, we have found no evidence that any other customers’ system logs were accessed,” the company added.

MongoDB is one of the largest database software companies currently operating, reporting $1.2 billion in revenue this year.

The Sunday notice came after the company published a warning on Saturday afternoon that it was investigating “a security incident involving unauthorized access to certain MongoDB corporate systems, which includes exposure of customer account metadata and contact information.”

They sent an email to customers explaining that the incident began on Wednesday night when they detected suspicious activity, warning that the “unauthorized access has been going on for some period of time before discovery.”

Customers, they added, should be wary of social engineering and phishing attacks. In an update released about two hours later, MongoDB noted that it was experiencing a spike in login attempts that was causing issues for customers trying to login.

On Sunday, the company said it “found no evidence” that the hackers accessed MongoDB Atlas — an integrated suite of data services centered around a cloud database. They also said the intrusion was not the result of any security vulnerabilities in MongoDB products but did not say how the hackers got into their systems.

“We are continuing with our investigation, and are working with relevant authorities and forensic firms,” they said.