How my MongoDB got hacked

What mistakes did I make?

I deployed MongoDB on an EC2 instance using Docker and kept the following configuration:

  • Used the default port 27017
  • Did not create a mongo user and user roles.
  • No restriction on IP addresses that can make requests to my MongoDB.
  • I didn’t take timely backups of my data.
  • The connection string was just a simple URL. No username and password.

A few days back, when I tried to look at my collection, it was empty, and there was one collection created by the hacker telling me to pay for the data.

Luckily it was just test data, nothing serious. But it taught me a lesson: even if we are just spinning up a simple test MongoDB, we must set up authentication.

Hacking is real and hackers can target anyone.

Stay alert and think about securing your DB.
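The five mistakes listed above, written as a pre-deployment check. This is an added example, not part of the original post; the function name, finding labels, one-day backup threshold and both sample deployments are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

MAX_BACKUP_AGE_DAYS = 1  # assumed policy, not from the post

def audit_mongo(uri, publish, ingress_cidrs, backup_age_days=None, has_db_users=False):
    """Check one deployment description against the post's five mistakes.

    uri             -- MongoDB connection string the application uses
    publish         -- value passed to `docker run -p` (IPv4 forms only)
    ingress_cidrs   -- CIDRs allowed to reach the port (e.g. security group rules)
    backup_age_days -- age of the newest backup, None if there is none
    has_db_users    -- True once a MongoDB user with roles exists
    """
    findings = []
    fields = publish.split("/")[0].split(":")   # drop "/tcp"; [ip:]host:container
    # With no IP given, Docker publishes the port on all interfaces.
    host_ip = fields[0] if len(fields) == 3 else "0.0.0.0"
    host_port = fields[-2] if len(fields) >= 2 else None
    if host_port == "27017":                    # default port, as listed in the post
        findings.append("default-port")
    if not has_db_users:
        findings.append("no-users-or-roles")
    reachable = not ipaddress.ip_address(host_ip).is_loopback
    any_source = any(ipaddress.ip_network(c, strict=False).prefixlen == 0
                     for c in ingress_cidrs)
    if reachable and any_source:                # 0.0.0.0/0 or ::/0 lets everyone in
        findings.append("open-to-any-ip")
    if backup_age_days is None or backup_age_days > MAX_BACKUP_AGE_DAYS:
        findings.append("stale-or-missing-backup")
    creds = urlsplit(uri)
    if not (creds.username and creds.password):
        findings.append("uri-without-credentials")
    return findings

# Constructed sample: the setup described in the post (documentation IP range).
WEAK = dict(uri="mongodb://203.0.113.10:27017/test",
            publish="27017:27017", ingress_cidrs=["0.0.0.0/0"])
# Constructed sample: private bind address, scoped ingress, credentials, fresh backup.
HARDENED = dict(uri="mongodb://app_user:EXAMPLE-PASSWORD@10.0.1.5:27018/test?authSource=admin",
                publish="10.0.1.5:27018:27017", ingress_cidrs=["10.0.1.0/24"],
                backup_age_days=0, has_db_users=True)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_mongo(**cfg))
```
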
