After users’ hashed passwords, e-mail addresses, and other information are exposed in a security breach, the cloud-based hosting service neutralizes the attack and works to prevent future incidents.

October 29, 2013 9:05 PM PDT

Database hosting service MongoHQ suffered a considerable security breach on Monday, in which users’ e-mail addresses, hashed password data, and other account information were exposed to hackers.
“We detected unauthorized access to an internal support application using a password that was shared with a compromised personal account,” MongoHQ co-founder Jason McCay wrote in a blog post. “In handling security incidents, MongoHQ’s priorities are to halt the attack, eliminate the control failures that allowed the attack to occur, and to report the incident candidly and accurately to our customers.”

In an effort to secure its networks, MongoHQ has provided users with information on the incident and how it’s working to both neutralize the breach and prevent future attacks. First, it locked out every MongoHQ employee account while it enables a credential reset and audit. Second, it disabled its employee-facing support applications while it sets up enforced two-factor authentication, a system of graduated permissions, and other security measures.
“As a precaution, we took additional steps on behalf of our customers to invalidate the Amazon Web Services credentials we were storing for you,” McCay wrote. “We have done the work to ensure the security of your data. We have taken further steps to test and validate this work by bringing on a third-party security firm for testing of this effort.”
It’s unclear how many users were affected in the breach. McCay said that MongoHQ will continue to update its Web site with any new information on the hack, along with recommendations for users to protect their data.
