SoylentNews is people
SoylentNews
The rise in ransomware attacks on MongoDB installations prompted the database maker last week to issue advice on how to avoid being victimized.
As of Sunday, security researcher and Microsoft developer Niall Merrigan identified more than 27,000 MongoDB databases seized by ransomware. By Tuesday afternoon Pacific Time, an online spreadsheet maintained by Merrigan and fellow security researcher Victor Gevers listed 32,643 victims.
The attacks involve hackers who copy data from insecure databases, delete the original, and ask for a ransom of a few hundred dollars worth of Bitcoin to return the stolen data back to the owner.
MongoDB, like other NoSQL databases, has suffered from security shortcomings for years. Trustwave called out MongoDB in 2013. Security researcher John Matherly did so again in 2015.
Where MySQL, PostgreSQL, and other relational databases tend to default to local installation and some form of authorization, MongoDB databases are exposed to the internet by default, and don't require credentials immediately by default.
MongoDB's security checklist is here. The company has stated it is the user's responsibility to make these changes to the default configuration.
(Score: 2) by rigrig on Saturday January 14 2017, @03:48AM
Oh noes, all data on our server was accidentally formatted+/hacked through softwareX*/crisped in a fire/deleted buy a bug in softwareX*/"safely" disposed off+/destroyed by flooding/dropped by an intern+
Data Security Plan: we can shift the blame to an external party/intern in 5 out of 7 cases, and claim unforeseeable circumstances if something else happens, so we should be ok, no need for (costly) backups.
*We can blame this on softwareX
+We can blame this on an intern
No one remembers the singer.