It’s Not a Matter of If You will Have a Data Breach, but a Matter of When
In late January, MongoDB databases were hacked, 27,000 to be exact. They did not have password protection, nor did they have firewalls. Interestingly, MongoDB is the fourth most popular database, after Oracle, MySQL, and Microsoft SQL Server.
Unless users had backed up their data, they were out of luck and out of time. The affected databases were held for ransom. So cough up. Not the users’ responsibility but the responsibility of MongoDB? Not quite fair. Users knew the limitations and they knew how their information was protected, which was not at all.
According to this article about the ransomware attack, “The intrusion affected instances that weren’t even protected by password access controls or run behind a firewall. While passwords can easily be hacked, the incidents of the past couple weeks prove that having first lines of defense aren’t totally worthless. So if you enforced password access, we’ll say it again, you got by… this time.”
In this case, it was user negligence. MongoDB does provide controls, but leaves it up to users to implement them. The 27,000 databases represent quite a bit of work. And now they are gone, unless the users took precautions. But how many did? Bet they will be obsessed about security in the future. Too bad it’s a day late and a dollar short.
When are you expecting a data breach?
Join us for our ‘Eliminate the 49% of Documents that Contain Data Breaches’ webinar on Wednesday, September 13th. Issues relating to security breaches from within content now occur with alarming frequency. This session shows how to focus on the identification of unknown security exposures that exist as content is ingested or created, to avoid costly and damaging ramifications.