27,000 MongoDB servers have their data wiped, receive ransom demand for its safe ...

What's happened?

Tens of thousands of unprotected MongoDB databases have been taken hostage by hackers, who have wiped data from company servers and are demanding a ransom be paid for the safe return of the information. Some have suggested that the number of affected databases could be in the region of 27,000.

MongoDB? What's that?

MongoDB is an open source document database.

And it has a vulnerability that the hackers were able to exploit? Sheesh...

Not so fast. There are security measures built into MongoDB; it's just that some users don't bother to use them. For instance, some MongoDB administrators have been leaving their systems accessible to the open internet, without having so much as an admin password in place.

Why would anyone be running an open MongoDB instance?

Because they like living dangerously? Because they get a kick out of being reckless with people's data?

Seriously, there's no good reason. It's a crazy thing to do.

I'm sure I've heard of people breaking into unsecured MongoDB databases before and stealing data

Yup, it's not rocket science. For instance, a researcher stumbled across the details of 13 million Mac users after controversial firm MacKeeper left them exposed for any Tom, Dick or Harry to see in an unprotected MongoDB instance.

But what's different in this case is that an intruder is not just stealing the data, they're also wiping the victim's copy and attempting to extort a Bitcoin ransom:

"SEND 0.2 BTC TO THIS ADDRESS 13zaxGVjj9MNc2jyvDRhLyYpkCh323MsMq AND CONTACT THIS EMAIL WITH YOUR IP OF YOUR SERVER TO RECOVER YOUR DATABASE !"

Might MongoDB instances that are protected by a password or are not accessible via the public internet also be at risk?

To date the attacks have only been against MongoDB instances that have been left wide open by lackadaisical administrators. In theory it might be possible to launch attacks against instances where admins have used easy-to-guess passwords, but there's no reason to believe that's likely to happen at the moment.

The message is simple - use strong, unique passwords and don't connect things to the internet unless they need to be connected to the internet.

Yes, you've heard that advice before. No, people don't seem to be getting the message. Sigh...
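As an added illustration (not part of the original article), here is a small Python check that flags the two conditions described above in a `mongod.conf` file: listening on a non-loopback address and running without access control. It relies on MongoDB's `net.bindIp`, `net.bindIpAll` and `security.authorization` configuration options; the two sample configurations are constructed, and treating a missing `bindIp` as exposed is a deliberately conservative assumption.

```python
# Added example: audit a mongod.conf for the "open to the internet, no auth" pattern.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_conf(text):
    """Minimal parser for the 'section:' / '  key: value' YAML subset of mongod.conf.
    Only one nesting level is tracked, which is enough for net.* and security.*."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if not raw.startswith((" ", "\t")):        # top-level section header
            section = key
        elif section and value:                    # nested key with a value
            conf[f"{section}.{key}"] = value
    return conf

def audit(text):
    """Return a list of findings; an empty list means neither weakness was found."""
    conf = parse_conf(text)
    findings = []
    bind_all = conf.get("net.bindIpAll", "false").lower() == "true"
    # Assumption: an absent bindIp counts as exposed, since the default
    # depends on the MongoDB version and how it was packaged.
    addrs = {a.strip() for a in conf.get("net.bindIp", "0.0.0.0").split(",")}
    if bind_all or not addrs <= LOOPBACK:
        findings.append("network: listens beyond loopback; confirm a firewall restricts access")
    if conf.get("security.authorization", "disabled").lower() != "enabled":
        findings.append("auth: security.authorization is not enabled")
    return findings

# Constructed sample: reachable from any interface, no access control.
OPEN_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
"""

# Constructed sample: loopback only, access control switched on.
HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1   # local connections only
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```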

What is the company behind MongoDB doing about it?

I imagine it is feeling pretty frustrated that some of its users are being so careless with the software.

MongoDB Inc clearly needs to reach out to the community and underline the importance of not having unsecured instances of MongoDB running openly on the net. It has posted some advice for users on its website.

Of course, the damage is somewhat lessened if you had taken the precaution of backing up your database. If that's the case then you only have the embarrassing problem of explaining to your customers that their data has been stolen and personal information exposed, rather than being utterly incapable of doing any business.

However, if you're the kind of outfit that doesn't have an admin password for your database and leaves it open to the internet then I don't hold out much hope that you've been making backups...
