
Our entire database was maliciously deleted - handpickednames
https://sendtodropbox.com/update
======
wolfgang42
This is why you should _always_ have backups.

I'm astonished that this post doesn't have any discussion on the security
implications: they _say_ that the database was not copied, but I'd still be
nervous about this--presumably it contained access tokens to Dropbox as well
as email addresses. If it didn't I'd still want to hear verification of that.

Their homepage claims "Secure" as one of their four main features, which is
rather belied by the presence of a default administrative user on their
database server--not to mention that the database itself seems to have been
publicly accessible from the larger internet. This seems like it would have
been prevented by simply putting a firewall on the server and not opening
unnecessary ports.

------
fiedzia
> I believe MongoDB shares some blame for the 20,000+ databases that were
> compromised for shipping a product with insecure default settings

No, it's your job to have backup and proper review of _your_ infrastructure,
not someone else's.

~~~
wolfgang42
Here's an extensive discussion about this problem, with good points on both
sides:
[https://news.ycombinator.com/item?id=13374715](https://news.ycombinator.com/item?id=13374715)

~~~
alex_hitchins
The biggest point is to at least take your own backups, and better yet try to
restore from them once in a while. Even more betters, have a look at your
security settings.

~~~
fiedzia
And take off this "secure" info from this page.

