MongoDB investigating security incident that exposed data about customer accounts

Database management giant MongoDB says it’s investigating a security incident that has resulted in the exposure of some information about customers.

The New York-based MongoDB helps more than 46,000 companies, including Adobe, eBay, Verizon and the U.K.’s Department for Work and Pensions, manage their databases and vast stores of data, according to its website. The company’s offerings include its MongoDB self-hosted open source database and its Atlas database-as-a-service offering.

In a notice published late on Saturday, MongoDB said it was actively investigating a “security incident involving unauthorized access to certain MongoDB corporate systems, which includes exposure of customer account metadata and contact information.”

MongoDB said it first detected suspicious activity on Wednesday but noted that “unauthorized access has been going on for some period of time before discovery.” It’s not known how long hackers had access to MongoDB’s systems; MongoDB CISO Lena Smart declined to say when asked by TechCrunch.

In an update published on Sunday, MongoDB said it does not believe hackers accessed any customer data stored in MongoDB Atlas, the company’s hosted database offering.

But the company confirmed that it is “aware” that hackers accessed some of its corporate systems that contained customer names, phone numbers, email addresses and other unspecified customer account metadata.

For one customer, this included system logs, MongoDB said. System logs can include information about the running of a database or its underlying system. CISO Smart said this customer was notified, and that it has “found no evidence that any other customers’ system logs were accessed.”

It’s not clear what technical evidence — such as its own logs — MongoDB has to detect malicious activity on its network.

MongoDB declined to say how many customers may be affected by the compromise of its corporate systems. It is not yet known how and when the company was compromised, which corporate systems were accessed or whether it has notified the U.S. Securities and Exchange Commission. As of December 18, organizations must disclose “material” cybersecurity incidents to the regulator within four days of discovery.

MongoDB recommends that customers remain vigilant for social engineering and phishing attacks and activate phishing-resistant multi-factor authentication on their accounts, which the company does not require customers to use by default.

The company noted over the weekend that it was “experiencing a spike in login attempts resulting in issues for customers attempting to log in to Atlas and our Support Portal,” but said this was unrelated to the security incident.