As ZDNet reported, a hacker is actively finding MongoDB databases that are left exposed online and wiping them. The hacker also leaves a ransom note demanding a payment of 0.015 Bitcoin, threatening to leak the databases and report the owners to local data-protection authorities if it is not paid. The target list includes around 23,000 MongoDB databases that were left online without any password set.
About 22,900 MongoDB Databases Exposed!
MongoDB is an open-source database management system that stores data as JSON-like documents instead of the traditional table-and-row format. It's fairly popular, used by tens of thousands of database administrators to organise their data. That popularity makes it an attractive target for attackers.
And now, as per ZDNet, an unidentified hacker is hijacking exposed MongoDB databases online and leaving ransom notes for the administrators. The hacker is said to be using an automated script to scan for misconfigured databases and get in. The campaign is said to have been running since April this year, and the hacker has found about 22,900 MongoDB databases to date. That's about 47% of all MongoDB databases exposed online.
The ransom note asks the system admins to pay 0.015 Bitcoin to a specific address within two days. If the payment is not made in that time, the hacker threatens to leak the stolen database and even to report to local GDPR authorities. While the hacker claims the data will be given back if the ransom is paid, the researcher discovered that the databases are being wiped before the ransom note is left!
Researchers and even MongoDB executives identify the root cause of all these issues as leaving databases exposed online without securing them. Many system admins who have picked MongoDB misconfigure the software, leaving their databases exposed. This happens mostly when the set-up tutorial isn't followed carefully. As a result, MongoDB now ships secured by default out of the box.
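The misconfiguration described above (a database reachable from the internet with no password) can be checked for in a server's own configuration file. The following is an added example, not code from ZDNet or MongoDB: a small Python audit of a `mongod.conf` that looks at the real settings `net.bindIp`, `net.bindIpAll` and `security.authorization`. The function names, finding labels and both sample configs are constructed for illustration, and missing keys are assumed to take current MongoDB defaults (localhost bind, authorization disabled).

```python
# Added example: audit mongod.conf (YAML) for "exposed online with no password".
# Parses only the simple nested "section:" / "  key: value" layout mongod.conf uses.

WEAK_CONF = """
net:
  port: 27017
  bindIp: 0.0.0.0        # constructed sample: listens on every interface
"""

HARDENED_CONF = """
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # constructed sample: loopback + private address
security:
  authorization: enabled
"""

def flatten_conf(text):
    """Flatten indented YAML into dotted keys, e.g. {'net.bindIp': '0.0.0.0'}."""
    flat, stack = {}, []                      # stack: (indent, key) of open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip() or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # leave sections we have dedented out of
        value = value.strip().strip("\"'")
        if value:
            flat[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))       # "section:" opens a nested block
    return flat

def audit_mongod_conf(text):
    """Return a list of finding labels; an empty list means neither issue was found."""
    conf = flatten_conf(text)
    # Assumption: absent keys mean authorization disabled and a localhost-only bind.
    auth_on = conf.get("security.authorization", "disabled").lower() == "enabled"
    binds = [b.strip() for b in conf.get("net.bindIp", "127.0.0.1").split(",")]
    bind_all = conf.get("net.bindIpAll", "false").lower() == "true"
    exposed = bind_all or any(b in ("0.0.0.0", "::") for b in binds)
    findings = []
    if not auth_on:
        findings.append("auth-disabled")
    if exposed:
        findings.append("all-interfaces")
    if exposed and not auth_on:
        findings.append("reachable-without-password")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or "ok")
```

A clean result only covers the configuration file; firewall rules and cloud security groups still decide whether the port is actually reachable from outside.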