Since going public in October of 2017, MondoDB’s stock price has been on a tear, rising nearly six fold. Public investors are enamored with the database software company. Touted as the next-generation database that helps businesses transform their industries by harnessing the power of data, the Company’s revenues have been on a steady incline from $65 million for the year ended January 2016 to its latest reported annual revenue of $267 million.
Some of the world’s most sophisticated organizations of all sizes from early stage companies to large enterprise customers, use MongoDB because of its advanced features and ease of use but also because of its low cost. To date there have been over 40 million product downloads. But it’s not all roses at the Company.
Recently it was revealed that a user of the database exposed 275 million personal records. It is unknown whether there was malicious intent. That’s the issue with allowing users the flexibility to determine security protocols on the data they house within MongoDB. For now the Company states that their users should be free to innovate and use the system in a flexible framework.
The breach was discovered by a researcher who poured over Shodan search results, which provides information on all devices and software applications connected to the internet. Shodan results regularly uncover anything from unsecured webcams to exposed databases. And this time it revealed a major exposure – the millions of records included individuals’ name, gender, employment history and contact information.
But this wasn’t the only time a massive amount of data stored in a MongoDB database was exposed. Just a couple months prior in March 2019, over 800 million email records were left unprotected, many containing personally identifiable information.
It is not yet known whether the above mentioned breaches have or will lead to bad actors demanding ransom payments or the misuse of personal information for credit or other purposes. What has become clear is the need for MongoDB or for that matter any database software provider to prioritize security in addition to product flexibility and features.
Although the Company is currently flying high, an easy misstep of hacked data in the wrong hands could lead to public distrust and a plummeting stock price.