MongoDB databases were struck by a large scale ransomware attack.

A threat actor compromised 1,416 out of 3,100 publicly exposed MongoDB instances, wiping data and replacing it with ransom notes demanding about $500 in Bitcoin. In 98% of cases, the same Bitcoin address was used, suggesting a single attacker behind the campaign. Despite the scale, the associated wallet shows only about $400 received, indicating limited financial success. Over 95,000 additional MongoDB servers were found to have vulnerabilities, many due to lack of access controls.

Read more:

https://www.securityweek.com/over-1400-mongodb-databases-ransacked-by-threat-actor/