The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: NoSQL Database

600TB MongoDB Database 'accidentally' exposed on the Internet

600TB MongoDB Database 'accidentally' exposed on the Internet

July 22, 2015Swati Khandelwal
System administrators have reportedly exposed almost 600 Terabytes (TB) of MongoDB database due to running outdated and unpatched versions of the NoSQL MongoDB database. The open source MongoDB is the most popular NoSQL database used by companies of all sizes, from eBay and Sourceforge to The New York Times and LinkedIn. According to Shodan's representative John Matherly, nearly 30,000 MongoDB instances are publicly accessible over the Internet without the need of any form of authentication. This huge MongoDB database isn't exposed due to a flaw in its latest version of the software, but due to the use of out-of-date and unpatched versions of the platform that fail to bind to localhost. While investigating NoSQL databases, Matherly focused on MongoDB that is growing in popularity. "It turns out that MongoDB version 2.4.14 seems to be the last version that still listened to 0.0.0.0 [in which listening is enabled for all interfaces] by default, which
40,000 UnProtected MongoDB Databases Found on the Internet

40,000 UnProtected MongoDB Databases Found on the Internet

February 12, 2015Mohit Kumar
Nearly 40,000 organisations running MongoDB , a NoSQL high performance and cross-platform document-oriented database, are found to be unprotected and vulnerable to hackers. Three students from University of Saarland in Germany at the Centre for IT Security – Kai Greshake, Eric Petryka and Jens Heyens – discovered that MongoDB databases running at TCP port 27017 as a service on several thousands of commercial web servers are easily accessible on the Internet. MongoDB is an open-source database used by companies of all sizes, across all industries for a wide variety of applications. MongoDB is built for scalability, performance and high availability, scaling from single server deployments to large, complex multi-site architectures. By leveraging in-memory computing, MongoDB provides high performance for both reads and writes. The German researchers said that they were able to get "read and write access" to the unsecured MongoDB databases without using any sp
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.