22:50, 1 Nov 2013
MongoHQ indicated that our primary (non-HIPAA) production database suffered 1 malicious connection lasting approximately 3 minutes from a single IP address. This IP address appears to originate in the Netherlands. The database logs MongoHQ provided to us do not include read/download commands, so we are unable to verify if any member account information (such as email addresses, names, etc.) was extracted during those 3 minutes. In any case, we store users' passwords using bcrypt, a one-way, cryptographically strong hashing mechanism. We do not store credit card details. Finally, the attacker did not appear to make any modifications to medical content. We will continue to monitor our systems and users' accounts for any suspicious activity.
09:31, 1 Nov 2013
Our team has requested additional logging details from MongoHQ to analyze the extent of the exposure. Our first priority is to identify and remedy any potential risks to the quality of the medical content, then determine what information may have been extracted by the malicious servers.
22:15, 31 Oct 2013
We received notification from MongoHQ that several AgileMD databases were accessed by malicious servers during their security breach. MongoHQ is responding to the threat in coordination with all of its customers and its partners (including Amazon AWS). They have also reported this incident to the appropriate law enforcement agencies.
MongoHQ's postmortem analysis: http://security.mongohq.com/notice