What mistakes I did?
I deployed mongo DB on an EC2 instance using docker and kept following configurations.
- Used the default port 27017
- Did not create a mongo user and user roles.
- No restriction on IP addresses that can make requests to my MongoDB.
- I didn’t take timely backup of my data.
- The connection string was just simple url. No username and password.
Few days back, when I tried to see my collection, it was empty and there was one collection created by hacker stating to pay for the data.
Luckily it was just a test data, nothing serious. But it taught me a lesson that even if we are just spinning up a simple test MongoDB, we must setup authentication.
Hacking is real and they can target anyone.
Stay alert and think about securing your DB.