Company:
Date Published:
Author: Lena Smart
Word count: 535
Language: English
Hacker News points: None

Summary

MongoDB Security Incident Post Event Summary, January 23, 2023

On December 16, 2023, MongoDB informed customers of a security incident involving unauthorized access to certain corporate systems, including exposure of customer account metadata and contact information. The investigation revealed that an initial flaw in a third-party application used by MongoDB staff enabled phishing attacks, allowing the unauthorized party to acquire credentials and access data in corporate applications.

Within twenty-four hours, standard session limits kicked in, and the unauthorized party lost access to most systems except for the corporate messaging application. Over several days, the unauthorized party sent targeted phishing messages to employees, briefly regaining access to some systems.

After a MongoDB employee identified suspicious emails, the security team enacted its incident response plan, taking steps to disable the flawed application, reset credentials, clear active sessions, examine the environment, and harden security posture. The investigation is complete and closed, with the unauthorized party no longer having access to MongoDB's environment.