The MongoDB Security Incident Update provides an update on the security incident first reported on December 16, 2023. The investigation has found no evidence of unauthorized access to MongoDB Atlas clusters or the cluster authentication system. However, a phishing attack was used by an unauthorized third party to gain access to corporate applications that provide support services to MongoDB customers. The unauthorized third party has been removed from the corporate applications and the incident is considered contained. The affected customer data includes contact information and account metadata for CRM and Customer Support Applications. A list of indicators of compromise (IOCs) has also been shared with customers, which can be used to set up firewall blocks or monitoring and search application logs for anomalous activity. MongoDB recommends that customers take proactive measures to protect themselves against social engineering and phishing attacks, activate phishing-resistant multifactor authentication, and regularly rotate their passwords.