
MongoDB attack provides reminder to back up and secure databases

Priority Level: 
13 January 2017

Companies and individuals are reminded to back up and secure their databases, and to check the protections applied to their websites and online services.

According to recent media reports, attackers have gained access to tens of thousands of MongoDB databases used by businesses and copied data before deleting the original information. The attackers then demand a ransom from the business to return the stolen data.

The MongoDB databases under attack are reported to be internet-facing and not configured properly to minimise the risk of unauthorised intrusion.

Stay Smart Online recommends that all administrators review the protections applied to databases (as well as websites and online services) they control and apply best practice security wherever possible.

You are reminded that all databases should be configured to provide access to authenticated users only and that those users must use strong passwords or passphrases. Where extra log-on security is available (such as multi-factor authentication, where a user must provide a range of evidence of their identity), you should apply this as well.

Configuration options depend on the type of database and the vendor involved. The vendor should be able to provide information on best practice security for their databases. If you are not sure about how to properly configure your database, you should obtain technical assistance.
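
For MongoDB, the two weaknesses described above (reachable from the network, no authentication required) correspond to the `net.bindIp` and `security.authorization` settings in `mongod.conf`. The check below is an added example, not part of the original advisory or MongoDB's own tooling; it assumes a plain nested "key: value" YAML file, and both sample configurations are constructed.

```python
# Added example: flags the two weaknesses the advisory describes in a mongod.conf.
# Assumption: the file is plain nested "key: value" YAML; sample configs are constructed.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def flatten(text):
    """Turn nested 'key: value' lines into {'net.bindIp': '0.0.0.0', ...}."""
    flat, stack = {}, []  # stack: (indent, key) of the currently open parent mappings
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        value = value.strip().strip("\"'")
        if value:
            flat[".".join([k for _, k in stack] + [key.strip()])] = value
        else:
            stack.append((indent, key.strip()))
    return flat

def audit(text):
    """Return a list of findings; an empty list means neither weakness was found."""
    cfg, findings = flatten(text), []
    if cfg.get("security.authorization", "").lower() != "enabled":
        findings.append("security.authorization is not 'enabled': "
                        "clients can connect without credentials")
    if cfg.get("net.bindIpAll", "").lower() == "true":
        findings.append("net.bindIpAll is true: the server listens on every interface")
    elif "net.bindIp" not in cfg:
        findings.append("net.bindIp is not set: the listening address depends on "
                        "the server version's default")
    else:
        exposed = [a.strip() for a in cfg["net.bindIp"].split(",")
                   if a.strip() not in LOOPBACK]
        if exposed:
            findings.append("net.bindIp includes non-loopback address(es) %s: "
                            "confirm a firewall restricts access" % exposed)
    return findings

EXPOSED = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"  # constructed sample
HARDENED = ("net:\n  port: 27017\n  bindIp: 127.0.0.1\n"
            "security:\n  authorization: enabled\n")  # constructed sample

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

A non-loopback bind address is not by itself internet-facing, so a finding on `net.bindIp` is a prompt to check the firewall rules in front of the server.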

If you do not apply best practice protections, your business may experience significant damage. Attackers may be able to access the database, copy data or remove it from the system. They may also change access permissions for website users or payment information.

More information

MongoDB has provided instructions for configuring database security on its website.

Stay Smart Online provides information on setting good passwords.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.