So the Kremlin have required that any financial institution operating in Russia provide them with an administrator account. Said account credentials were all stored on a default credential MongoDB account. And here I thought Russia implemented good OpSec https://yro.slashdot.org/story/19/02/02/025259/the-kremlins-remote-access-credentials-left-thousands-of-businesses-exposed-for-years?utm_source=rss1.0mainlinkanon&utm_medium=feed
@aussierockman Unless I misunderstood, the accounts weren't all stored in one database - it's just the same login email address kept showing up in lots of different orgs' unsecured mongo.
@aussierockman ah c'mon, they're just messing with us!
@aussierockman its very funny as US news sites write that all these credentials were used by russian government, and russian media write that it is MongoDB who created and used backdoor :)
A Mastodon instance for info/cyber security-minded people.