MSPs and MSSPs that offer MongoDB managed services might be working overtime to clean up numerous data breaches in the days ahead.
Indeed, a hacker apparently has targeted nearly 23,000 MongoDB bases that were exposed online with passwords.
MongoDB customers that didn't properly secure their databases now run the risk of losing their data and perhaps suffering a General Data Protection Regulation (GDPR) data leak violation. To avoid that GDPR headache, the hacker is demanding those MongoDB customers pay a ransom.
ZDNet was the first organization to report the massive MongoDB hack and ransom threat. Now, experts across the MSP and MSSP (managed security services provider) industry are alerting customers and trying to determine if those customers are at risk to the hacker's threat.
MSP-friendly software companies are also weighing in with guidance. "In the case of the MongoDB compromise, technical staff need to always change or alter the default credentials of newly installed tools and systems," notes Jay Ryerse, CISSP and VP of cybersecurity initiatives at ConnectWise.
MSPs and Cloud Service Providers: Raising Their Defenses
Indeed, on-premises applications and cloud workloads increasingly suffer hacks because of relaxed security practices and/or IT administrator misconfigurations -- such as failing to activate basic passwords or failing to raise defenses to two-factor authentication (2FA).
Still, there are signs of progress. Numerous MSP software providers are now defaulting their platforms to 2FA settings. And cloud providers such as Amazon Web Services (AWS) have introduced new tools to help users spot configuration issues. For instance, AWS in December 2019 announced Access Analyzer to help organizations minimize the risk of S3 bucket data leaks.
Meanwhile, we'll be watching to see if or how MSPs and MSSPs assist MongoDB customers with the current hacker ransom situation.