Recent wave of ransom attacks on MongoDB databases ruined 26,000 servers. Database owners forgot to set passwords on administrator accounts, MongoDB official says. MongoDB plans to harden the database’s security policies in the upcoming 3.6.0 release. The company also plans to add warnings to the company’s download center and incorporate all recommended security practices in MongoDB Atlas, the MongoDB-as-a-Service offering, in a guide to MongoDB security here. At the start of 2017, several groups have held for ransom over 50,000 databases.
Source: https://www.bleepingcomputer.com/news/security/admin-accounts-with-no-passwords-at-the-heart-of-recent-mongodb-ransom-attacks/