Researcher Calls Out Possibly Insecure MongoDB Instances

by Ostatic Staff - Dec. 17, 2015

From cloud developers working to incorporate databases with their deployments to enterprises that want more flexibility from their data repositories, open source databases are flourishing. Among open source databases, MongoDB consistently ranks highly with reviewers, and thousands of organizations use it.

Now, though, John Matherly, the creator of the Shodan search engine for Internet-connected devices, has been posting online notices about unauthenticated and not fully secure MongoDB instances. He says that there are at least 35,000 publicly accessible and insecure MongoDB databases on the Internet.

The issue here, of course, amplifies a long-standing criticism of open source platforms: that security is not as airtight in open tools as it is in proprietary ones.

According to Matherly:

"In light of the recent incident of MacKeeper exposing 13 million accounts through a public, unauthenticated MongoDB instance I wanted to quickly revisit my earlier blog post on the subject....At the moment, there are at least 35,000 publicly available, unauthenticated instances of MongoDB running on the Internet. This is an increase of >5,000 instances since the last article. They're hosted mostly on Amazon, Digital Ocean and Aliyun (cloud computing by Alibaba)...The fact that MongoDB 3.0 is well-represented means that a lot of people are changing the default configuration of MongoDB to something less secure and aren't enabling any firewall to protect their database."

If you are using MongoDB, simple fixes may be available to improve its security, and the server configuration is worth reviewing.
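As an added illustration that is not part of the original article, here is a mongod.conf in the YAML format MongoDB 3.0 reads, showing the kind of weakened settings Matherly describes next to a hardened version; the file path and port are assumptions, and the firewall remains a separate control.

```yaml
# --- Weak configuration (assumed example, not from the article) ---
# Listens on every interface and leaves access control at its default
# (disabled), so anyone who can reach TCP 27017 can read and write data.
storage:
  dbPath: /var/lib/mongodb        # assumed path
net:
  port: 27017
  bindIp: 0.0.0.0                 # exposed on all interfaces
# no "security" section: authorization defaults to disabled

# --- Hardened configuration (assumed example, not from the article) ---
# Bind only to the loopback interface (or a private address that the
# application servers use) and require authenticated, role-based access.
# Create the first administrative user on the admin database over the
# localhost connection before restarting with authorization enabled.
storage:
  dbPath: /var/lib/mongodb        # assumed path
net:
  port: 27017
  bindIp: 127.0.0.1               # not reachable from the Internet
security:
  authorization: enabled          # every client must authenticate
```

A host or cloud firewall that blocks 27017 from untrusted networks is still needed even with these settings, since a later edit to bindIp would otherwise expose the service again.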

Matherly also said: "I can't stress enough that this problem is not unique to MongoDB: Redis, CouchDB, Cassandra and Riak are equally impacted by these sorts of misconfigurations."