[ISN] MongoDB support firm says intruders may have accessed databases

http://www.networkworld.com/news/2013/103013-mongodb-support-firm-says-intruders-275395.html By Jeremy Kirk IDG News Service October 29, 2013 MongoHQ, which provides hosting and support for the open-source Mongo database, said attackers may have accessed several of its customers’ databases earlier this week. On Monday, someone accessed an internal support application using a password that had been used for a compromised personal account, wrote Jason McCay, MongoHQ’s founder. The support application contains connection information for customer MongoDB instances, along with lists of databases, email addresses and user credentials hashed with bcrypt, a file encryption tool, McCay wrote. An audit showed that several databases may have been accessed via that support application. “We believe we have exhausted the scope of this compromise and are directly contacting all affected customers,” McCay wrote. “We are continuing to evaluate our audit logs and conducting further investigations with the help of third-party experts.” […]