We are completely locked out of our Atlas account and the support portal right now. We Okta-auth with Mongo and all attempts to auth right now are failing with "The request contained invalid data." displayed on their login screen.<p>Of course, the support portal requires you to auth to use it...to get help with auth failing.<p>Anyone else seeing issues getting in to their dashboard?<p>Edit: Auth started working for us and dashboard access became available for us around 5:15 pm ET.
Nice and to the point, makes it clear that this is early, explains the current scope, tells us to expect a follow-up as the information makes its way to them.<p>I like this tbh and I hope people won't punish them for not including more info when this is clearly in the early days of investigation.
> […] regularly rotate their MongoDB Atlas passwords<p>Is there some context I’m missing, or is this a modern security team recommending password rotation?
This highlights risks of extreme consolidation - even if Atlas customers were not affected, it is natural for them to be concerned after the announcement, overwhelming the web site or support channels.<p>More independent MongoDB DBaaS providers are what would offer true redundancy in this case, though it is highly restricted due to the SSPL license change.<p>Hopefully FerretDB will be successful in building a feasible alternative.
Received this security notice today:<p>Hi Redacted,<p>MongoDB is investigating a security incident involving unauthorized access to certain MongoDB corporate systems. This includes exposure of customer account metadata and contact information. At this time, we are NOT aware of any exposure to the data that customers store in MongoDB Atlas.<p>We detected suspicious activity on Wednesday (Dec. 13th, 2023) evening US Eastern Standard Time and immediately activated our incident response process. We are still conducting an active investigation and believe that this unauthorized access has been going on for some period of time before discovery. We have also started notifying relevant authorities.<p>What should you do next?
Since we are aware that some customer account metadata and contact information was accessed, please be vigilant for social engineering and phishing attacks.
If not already implemented, we encourage all customers to activate phishing-resistant multi-factor authentication (MFA) and regularly rotate passwords.
MongoDB will continue to update mongodb.com/alerts with additional information as we continue to investigate the matter.<p>Sincerely,
Lena Smart
MongoDB CISO
Why are people still choosing Mongo over Postgres these days? If there's something I'm missing, I'm genuinely curious as I'm not against json data and frequently use jsonb tables in Postgres.