Unauthorized access to MongoDB could lead to data disclosure or deletion extortion, which could have grave consequences.
For example, on February 14, 2019, the National Computer Network Emergency Response Technical Team/Coordination Center of China (known as CNCERT or CNCERT/CC) detected that some MongoDB databases in China were exposed on the Internet, leading to leaks of important information.
By default, a MongoDB database requires no authentication if you do not set any parameters when activating the MongoDB service. Without any passwords, users who have logged on to the service can use the default port to remotely access the database and perform any operations (including high-risk operations such as add, delete, edit, and query) on the database.
To ensure the security of your business and applications, fix the vulnerability as soon as possible. For more information, see Best practices for defense against unauthorized access to MongoDB.