Database hosting service MongoHQ suffered a breach Monday that exposed users’ email addresses, hashed password data, and other account information to hackers.
“We detected unauthorized access to an internal support application using a password that was shared with a compromised personal account,” said MongoHQ co-founder Jason McCay in a blog post. “In handling security incidents, MongoHQ’s priorities are to halt the attack, eliminate the control failures that allowed the attack to occur, and to report the incident candidly and accurately to our customers.”
In an effort to secure its networks, MongoHQ has provided users with information on the incident and how it’s working to neutralize the breach and prevent future attacks.
First, it locked out every MongoHQ employee account while it enables a credential reset and audit. Second, it disabled its employee-facing support applications while it sets up enforced two-factor authentication, a system of graduated permissions, and other security measures.
“As a precaution, we took additional steps on behalf of our customers to invalidate the Amazon Web Services credentials we were storing for you,” McCay said. “We have done the work to ensure the security of your data. We have taken further steps to test and validate this work by bringing on a third-party security firm for testing of this effort.”
It’s unclear how many users fell victim to the breach. McCay said MongoHQ will continue to update its Web site with any new information on the hack, along with recommendations for users to protect their data.
Earlier this week, Dun & Bradstreet, which licenses information on businesses and corporations for use in credit decisions, business-to-business marketing and supply chain management, said it fell victim to an attack and sent out notification letters Monday to customers.
“Based on our investigation of the incident to date, we believe the attack primarily occurred during a fifteen (15) day period in March and April 2013 and potentially resulted in unauthorized access to our environment, including one of our commercial information databases,” the letters read.