Friday, December 18, 2015
MongoDB not to blame for MacKeeper data breach
So 13 million MacKeeper users have had their data potentially exposed following a breach. Or at least that’s what you might think having scanned the online headlines about the MacKeeper data breach. Those readers who bothered to delve deeper than the headline might be forgiven for thinking that MongoDB, the ‘web-scale’ database involved, is insecure and to be avoided.

The truth, however, is that neither conclusion is actually 100 per cent correct. The only person known to have breached the MacKeeper web servers was the researcher who uncovered the security issue in the first place; and he responsibly disclosed this to the MacKeeper developers so they could shore up their defences before going public. Which Kromtech, the company behind MacKeeper, did.

As for the ‘MongoDB is insecure’ scare that has accompanied the revelation, that is equally incorrect. The instance of MongoDB in this particular case was misconfigured; had it been set up properly, it would have been as secure as you might expect. Saying MongoDB is at fault here is like blaming your door for a house robbery when you forgot to lock it.