Security Risk Management

Uncovering the Impact of the MongoDB Vulnerability

Joel Alcon | January 17, 2017

Over the past couple of weeks, a major issue has surfaced affecting numerous companies that use MongoDB to store their data. Those who install MongoDB on a server and use the default settings are exposing their data to the internet and allowing anybody to browse the databases, download information, and erase them entirely. Many companies are unaware of the vulnerability and that their information may be exposed to hackers. Criminals are reacting quickly and opportunistically by stealing data, then asking for a ransom. To make matters worse, some criminals asking for a ransom don’t actually have the data, so when the ransom is paid, companies are still left without answers. In addition to MongoDB, it was reported that clusters of Elasticsearch, an enterprise search engine, have also been hit with ransomware.

Who Uses MongoDB?

According to Brian Krebs, there are over 52,000 of these publicly accessible databases on the Internet, and that figure may continue to grow as researchers discover additional databases. The important question is this: how many companies are potentially exposed to this vulnerability? To provide perspective, I used our BitSight Security Ratings platform and analyzed a sample of 1,870 companies across 14 different industries. I found that 112 (5.9%) of the companies in my sample had MongoDB exposed to the internet.

It’s important to note that just because a company is using MongoDB, it does not necessarily mean that they’ve been the victim of an attack or that they are susceptible to one. Some companies may have configured their systems correctly by changing the default password, and their sensitive information is not exposed over the internet. To investigate further, companies should seek to answer an important question through their security assessments: do you expose private information over the internet?

The Potential Impact

Whether a company uses MongoDB or another online database platform, if they expose sensitive information over the internet, they become vulnerable to cyber attacks. A recent study between BitSight and Advisen, Bridging the Gap: How Cyber Practices & Data Breaches are Connected, found that 60 percent of breached organizations had 10 or more ports susceptible to unauthorized use. As we’ve seen with the recent MongoDB vulnerability, open ports exposed to the internet can provide ways for attackers to access a company’s network and steal information. The figure below from the referenced report shows the difference in performance between companies by the number of ports exposed to the internet.


The issue of open ports and risk aggregation is especially important for cyber insurers with a large book of business. One single data breach or disruption that impacts many companies can lead to an influx of cyber insurance claims, which ultimately can have an adverse impact on a cyber insurer’s bottom line. According to Jake Olcott, VP of Strategic Partnerships at BitSight, “insurers are concerned that one bad cyber risk can impact their entire book of business, so they are trying to understand what those risks might be and address them during the underwriting process.”

What To Do Next

Many companies are trying to figure out what to do in light of the recent cyber attacks stemming from the MongoDB vulnerability. There are some key steps that companies can take to mitigate the cyber risk of open ports:

  • Back Up Critical Data. Companies should perform backups of their data to ensure that if their information is stolen or erased, they have systems in place to continue business operations.
  • Properly Configure Servers. Companies should ensure that servers with sensitive information are not open to the internet. They should reconfigure these systems to protect their company’s private information. If you must access the data over the internet, you should restrict access to only internal users on VPN. As a quick first step, ensure that you change the default passwords on these servers.
  • Continuously Monitor Third Parties. Companies may have their systems configured correctly, but their vendors may not. Organizations that emphasize good cybersecurity should hold their vendors to the same standards, and continuously monitor their security performance.
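To make the “properly configure servers” step concrete, here is an added example (not from the BitSight post or the referenced report) showing a mongod.conf in the YAML format used by MongoDB 3.x in its exposed form beside a hardened form. MongoDB enforces no authentication at all until security.authorization is enabled, so the exposed fragment has no password to change; the dbPath and the VPN address are placeholders.

```yaml
# Added example: two mongod.conf documents (YAML, MongoDB 3.x style),
# separated by "---". Paths and addresses below are placeholders.

# --- Document 1: exposed configuration (what a default-style install looks like) ---
# Listening on every interface with no access control means anyone who can
# reach TCP/27017 can list, dump and drop every database on the server.
storage:
  dbPath: /var/lib/mongodb          # placeholder path
net:
  port: 27017
  bindIp: 0.0.0.0                   # binds all interfaces, including public ones
# No "security" section: authorization is disabled, so no credentials are required.
---
# --- Document 2: hardened configuration ---
storage:
  dbPath: /var/lib/mongodb          # placeholder path
net:
  port: 27017
  # Loopback only. To reach the database from the VPN, add the VPN-side
  # interface address (placeholder 10.8.0.1) instead of 0.0.0.0.
  bindIp: 127.0.0.1,10.8.0.1
security:
  authorization: enabled            # every client must authenticate
  # Create an admin user in the "admin" database before restarting with this
  # setting, otherwise you lock yourself out as well.
```

After restarting, confirm from the host which addresses mongod is actually listening on and that an unauthenticated client can no longer list databases; a port reachable only on 127.0.0.1 and the VPN address is the expected result.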

BitSight enables organizations to search their book of business or folders of vendors and identify services such as MongoDB that are being exposed to the internet. Security teams can instantly generate reports showing the companies using these services, and send them an Enable Vendor Access request through the portal to provide them access to their own instance of BitSight Security Ratings. Schedule your demo today!
