MongoDB Database hacked for Ransom


MongoDB’s database which was hacked by cyber criminals last month is on a verge of being leaked to the public. The hackers who siphoned some critical content from the main network of the open source platform are now demanding a heavy ransom. If the company fails to pay them they are planning to leak those details on the web.

The hacker with the name “Harak1r1” was behind this whole cyber heist conspiracy who is demanding 12 BTC to reclaim the content.

Citing it as a fancied earning opportunity, two more groups of cyber crooks have also come up with their own copycat extortion schemes.

MongoDB’s security team admitted that the cyber attack on its database took place a couple months ago via a security vulnerability of AWS platform. They added that Amazon Web Services holds a favorite place for organizations who want to work for devops and so their database was being hosted on AWS.

The team added that the security vulnerability which gave a hacking gateway to cyber criminals was fixed and sorted out.

They however chose to remain silent on the latest reports from hackers who claim to own critical data.

According to the experts of Cyber Security Insiders, user errors coupled with weak security practices often expose workloads running in cloud environments to hackers. Thus, they suggest that Cloud CIOs should focus more on security factors which are designed in layers, starting with policies that minimize the weak points by cutting down unnecessary asset exposure.

Coming to the payment of ransom, the experts from Cyber Security Insiders affirm that there’s no guarantee that the money paid to the hackers will see a data return.

What if they start demanding more? What if they do not own the data in actual and are just acting as mediators? What if they do not own the said critical information and are just trying to gain attention…?

As all these questions do have some weight, it’s a tough call to make…..isn’t it?

Please share your mind through the comments section below.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display