Description: MongoHQ encountered a privacy invasion on October 27th when a hacker accessed passwords of an employee. This resulted in spammy tweets and facebook posts made on behalf of a client’s account.
Date: November 15th, 2013
How could MongoHQ have prevented last month’s breach that gave an attacker access to the company’s customer database and its customers’ social media accounts? The breach of MongoHQ — a database-as-a-service provider that provides hosted instances of MongoDB — began on October 27, when a hacker accessed the site’s service infrastructure. “The MongoHQ password of one of MongoHQ’s employees was stolen,” said Joel Gascoigne, CEO of social media account management company Buffer, who helped trace back the intrusion after someone began posting spam via the Facebook and Twitter accounts of Buffer’s customers. Read Rest of Story
Questions for discussion:
1. What actions could have been taken to avoid a situation like this?
2. Do you think more secure information systems need to be put in place for this company?