How my MongoDB got hacked?

What mistakes I did?

I deployed mongo DB on an EC2 instance using docker and kept following configurations.

• Used the default port 27017
• Did not create a mongo user and user roles.
• No restriction on IP addresses that can make requests to my MongoDB.
• I didn’t take timely backup of my data.
• The connection string was just simple url. No username and password.

Few days back, when I tried to see my collection, it was empty and there was one collection created by hacker stating to pay for the data.

Luckily it was just a test data, nothing serious. But it taught me a lesson that even if we are just spinning up a simple test MongoDB, we must setup authentication.

Hacking is real and they can target anyone.

Stay alert and think about securing your DB.