MongoDB Reviews

Thousands of Mongo DBs have been hijacked. Get the security right.

about MongoDB · · Helpful Not helpful 2 Helpful

Not an inherent vulnerability, but MongoDB admins should ensure they're avoiding common pitfalls by, among other things, blocking access to port 27017 or binding local IP addresses to limit access to servers. Thousands of MongoDBs have been hijacked by hackers recently:

http://arstechnica.com/security/2017/01/more-than-10000-online-databases-taken-hostage-by-ransomware-attackers/
and
https://www.mongodb.com/blog/post/how-to-avoid-a-malicious-attack-that-ransoms-your-data

Reply