How my MongoDB got hacked

What mistakes did I make?

I deployed MongoDB on an EC2 instance using Docker and kept the following configuration:

  • Used the default port 27017
  • Did not create a mongo user and user roles.
  • No restriction on IP addresses that can make requests to my MongoDB.
  • I didn’t take timely backups of my data.
  • The connection string was just a simple URL, with no username and password.

A few days back, when I tried to view my collection, it was empty, and there was one collection created by the hacker demanding payment for the data.

Luckily it was just test data, nothing serious. But it taught me a lesson: even if we are just spinning up a simple test MongoDB, we must set up authentication.

Hacking is real and they can target anyone.

Stay alert and think about securing your DB.
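
The mistakes listed above can be checked mechanically before a test database goes online. The script below is an added example, not code from the original post: the deployment dictionaries, addresses, password, key names and the one-day backup threshold are constructed assumptions, while `--auth`, `MONGO_INITDB_ROOT_USERNAME` and the `ip:hostPort:containerPort` publish syntax are the real mongod, official Docker image and Docker conventions.

```python
# Added example: audit a MongoDB-in-Docker deployment for the mistakes in the post.
# The deployment descriptions and every sample value below are constructed.
import ipaddress
from urllib.parse import urlsplit

MAX_BACKUP_AGE_DAYS = 1  # assumed policy, adjust to your own

def audit(deploy):
    """Return a list of findings for one deployment description."""
    findings = []
    # Mistake: the connection string carries no username and password.
    uri = urlsplit(deploy["connection_string"])
    if not (uri.username and uri.password):
        findings.append("connection string has no credentials")
    # Mistake: no user or roles. mongod only enforces them with --auth; the
    # official image turns it on when the root user variables are set.
    if ("--auth" not in deploy.get("command", [])
            and "MONGO_INITDB_ROOT_USERNAME" not in deploy.get("env", {})):
        findings.append("mongod runs without access control")
    # Mistake: port published on every interface ("27017:27017").
    # Only IPv4 "hostPort:containerPort" and "ip:hostPort:containerPort" are parsed.
    for mapping in deploy.get("ports", []):
        parts = mapping.split(":")
        if len(parts) < 2:
            continue
        host_ip = parts[0] if len(parts) == 3 else "0.0.0.0"
        if ipaddress.ip_address(host_ip).is_unspecified:
            findings.append(f"host port {parts[-2]} published on all interfaces")
    # Mistake: no restriction on source IP addresses (security group rule).
    for rule in deploy.get("ingress", []):
        if ipaddress.ip_network(rule["cidr"]).prefixlen == 0:
            findings.append(f"ingress to port {rule['port']} open to {rule['cidr']}")
    # Mistake: no timely backup.
    age = deploy.get("last_backup_age_days")
    if age is None or age > MAX_BACKUP_AGE_DAYS:
        findings.append("no recent backup")
    return findings

EXPOSED = {"connection_string": "mongodb://203.0.113.10:27017/test",
           "command": ["mongod"], "env": {}, "ports": ["27017:27017"],
           "ingress": [{"port": 27017, "cidr": "0.0.0.0/0"}],
           "last_backup_age_days": None}
HARDENED = {"connection_string": "mongodb://app:constructed-pw@10.0.0.5:27017/test?authSource=admin",
            "command": ["mongod", "--auth"], "env": {}, "ports": ["10.0.0.5:27017:27017"],
            "ingress": [{"port": 27017, "cidr": "198.51.100.7/32"}],
            "last_backup_age_days": 0}

if __name__ == "__main__":
    for name, deploy in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(deploy) or "no findings")
```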
