Over the past couple of weeks, 34,503 MongoDB servers have been hacked and held for ransom. Several hacking groups have been attacking public-facing MongoDB servers whose administrator password was accidentally left blank. The hackers have been deleting all of the data in the databases and leaving behind a ransom note demanding between $150 and $500 in bitcoin.
This is yet another case of bad administration. Putting a password on the administrator account is basic knowledge. If you’re a DBA at a company that was affected by this, it’s time to hand in your resignation and take up knitting.
Source: 30,000 MongoDB Servers Hacked and Held for Ransom via Geek Sexy News