Hi <name>,<p>MongoDB is investigating a security incident involving unauthorized access to certain MongoDB corporate systems. This includes exposure of customer account metadata and contact information. At this time, we are NOT aware of any exposure to the data that customers store in MongoDB Atlas.<p>We detected suspicious activity on Wednesday (Dec. 13th, 2023) evening US Eastern Standard Time and immediately activated our incident response process. We are still conducting an active investigation and believe that this unauthorized access has been going on for some period of time before discovery. We have also started notifying relevant authorities.<p>What should you do next?<p><pre><code> Since we are aware that some customer account metadata and contact information was accessed, please be vigilant for social engineering and phishing attacks.
If not already implemented, we encourage all customers to activate phishing-resistant multi-factor authentication (MFA) and regularly rotate passwords.
</code></pre>
MongoDB will continue to update mongodb.com/alerts with additional information as we continue to investigate the matter.<p>Sincerely,<p>Lena Smart<p>MongoDB CISO