{"id":209218,"date":"2026-02-02T10:13:00","date_gmt":"2026-02-02T15:13:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/02\/hackers-exploit-unsecured-mongodb-instances-to-wipe-data-and-demand-ransom\/"},"modified":"2026-02-02T13:55:15","modified_gmt":"2026-02-02T18:55:15","slug":"hackers-exploit-unsecured-mongodb-instances-to-wipe-data-and-demand-ransom","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/02\/hackers-exploit-unsecured-mongodb-instances-to-wipe-data-and-demand-ransom\/","title":{"rendered":"Hackers exploit unsecured MongoDB instances to wipe data and demand ransom"},"content":{"rendered":"

Hackers exploit unsecured MongoDB instances to wipe data and demand ransom<\/a><\/p>\n

https:\/\/securityaffairs.com\/187548\/security\/hackers-exploit-unsecured-mongodb-instances-to-wipe-data-and-demand-ransom.html?amp<\/a><\/p>\n

Publish Date: 2026-02-02 10:13:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

Hackers exploit unsecured MongoDB instances to wipe data and demand ransom<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ February 02, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls.<\/h2>\n

Cybersecurity firm Flare reports that unsecured MongoDB databases remain easy targets, with 1,416 of 3,100 exposed servers compromised. Hackers wiped data and left ransom notes, usually demanding $500 in Bitcoin, often using the same wallet. While over 200,000 MongoDB servers are publicly visible, the biggest risk comes from those left online without proper access controls.<\/p>\n

\u201cOur analysis revealed more than 200,000 servers running MongoDB that were publicly discoverable. Of these, slightly over 100,000 instances disclosed operational information, and 3,100 were fully exposed to the internet without access restrictions.\u201d reads the report<\/strong> published by Flare. \u201cAmong the 3,100 fully exposed servers, 1,416 instances (45.6%) had already been compromised, with their databases wiped and replaced with a ransom note. In nearly all cases, the ransom demand was approximately $500 USD in Bitcoin.\u201d<\/p>\n

The researcher noted that in nearly all cases, the same Bitcoin address appears in ransom notes, pointing to a single attacker. Flare says some unaffected servers may have paid, putting possible earnings between $0 and $842,000.<\/p>\n

\u201cNotably, only five distinct Bitcoin wallets were observed across all incidents, with the wallet\u00a0bc1qe2l4ffmsqfdu43d7n76hp2ksmhclt5g9krx3du\u00a0<\/strong>appearing in over 98% of cases. This strongly suggests the activity is attributable to a single dominant actor, likely the same attacker documented in our previous dark web research.\u201d states the report.<\/p>\n

The researchers observed that over 95,000 servers had at least one vulnerability, however, most flaws only enable denial-of-service. The real risk comes from…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Hackers exploit unsecured MongoDB instances to wipe data and demand ransom https:\/\/securityaffairs.com\/187548\/security\/hackers-exploit-unsecured-mongodb-instances-to-wipe-data-and-demand-ransom.html?amp Publish Date: 2026-02-02…<\/p>\n","protected":false},"author":1,"featured_media":209219,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2025\/12\/mongodb-atlas-google-cloud-partnership-nosql-databases-integrations-2.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-209218","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209218"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=209218"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209218\/revisions"}],"predecessor-version":[{"id":209220,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209218\/revisions\/209220"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/209219"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=209218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=209218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=209218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}