If a breach of information occurs, people instantly throw accusations in the direction of the facility that suffers from an exposition of their users’ data. Just recently, almost 29 thousand databases that are supported by MongoDB were invaded by a hacker, identified by the nickname Harak1r1. Do not go with the flow: blaming MongoDB seems irrational since it provided solid security measures for its users: the question is whether its clients took them seriously. The majority, if not all, compromised databases are presumed to be utilized in open MongoDB instance. As a consequence, information in those systems became available for programmers that were interested. This is what happens if you allow your database to be accessible to the open Internet. If you think that 29 thousand databases that were hijacker is not that much, you should bear in mind that these servers can contain information about millions of users. We guess those facilities that use MongoDb database are going to be forced to explain to their clientele why data was exposed. Mumbling the reason can be shocking; which service would like to admit that their recklessness led to a breach?
The attack originally began back in 2016, more specifically, at the end of December. The number of affected databases grew quickly, when finally approximately 29 thousand systems were compromised. Of course, hacker(s) initiated this hijack not only for entertainment: attackers ask for a ransom in exchange of returning files back to the invaded systems. Yes, we are yet to disclose information about how the hacker actually influences databases. To our knowledge, hacker deletes the files that are stored in those systems, leaving them empty. 220 US dollars are requested for the safe return of that information. Nevertheless, it it fairly complicated to decide whether hackers are not bluffing. It is presumable that they simply cleaned all of the infected databases and are being dishonest about having backups. For those companies that treated their document databases without proper security measures: take this hijack as a lesson to protect your user communities from such unfortunate fate. By getting a reputation of a service that has little interest in security, you might lose some important clientele. Protect your servers with complex passwords: this tip works for everything. As for the victims of this hijack, we have hope that maybe some companies stored their data in backups, in case it would be accidentally deleted.
Source: threatpost.com, grahamcluley.com.
