It’s Not a Matter of If You Will Have a Data Breach, but a Matter of When

In late January, 27,000 MongoDB databases were hacked. They did not have password protection, nor did they have firewalls. Interestingly, MongoDB is the fourth most popular database, after Oracle, MySQL, and Microsoft SQL Server.

Unless users had backed up their data, they were out of luck and out of time. The affected databases were held for ransom, so cough up. Is that MongoDB’s responsibility rather than the users’? Not quite fair. Users knew the limitations, and they knew how their information was protected, which was not at all.

According to this article about the ransomware attack, “The intrusion affected instances that weren’t even protected by password access controls or run behind a firewall. While passwords can easily be hacked, the incidents of the past couple weeks prove that having first lines of defense aren’t totally worthless. So if you enforced password access, we’ll say it again, you got by… this time.”

In this case, it was user negligence. MongoDB does provide controls, but leaves it up to users to implement them. The 27,000 databases represent quite a bit of work, and now they are gone unless the users took precautions. But how many did? Bet they will be obsessed with security in the future. Too bad it’s a day late and a dollar short.

When are you expecting a data breach?

