
MongoDB server leaks 11M user records from e-marketing service - LinuxBender
https://www.zdnet.com/article/mongodb-server-leaks-11-million-user-records-from-e-marketing-service/
======
AdrianSetter
> On Monday, a security researcher specialized in finding exposed databases
> has identified an unsecured MongoDB server that was leaking the personal
> details of nearly 11 million users.

More accurate title: "Unsecured MongoDB server contains 11M user records"

MongoDB has terrible security defaults but the software itself is not
"leaking" anything; this instance has just not been properly configured.

Now I'm not saying MongoDB is blame-free, they can certainly make it better,
but the blame is on both the user and the software.

~~~
owlmirror
I think it was a terrible decision to have no authentication as default from
the MongoDB people, but it was literally one of the first things the
documentation made clear. And even without documentation, just setting up the
connection should be hint enough that you need to set a password.

The blame lies only on those who set up an unsecured MongoDB in a production
environment.

