If it can happen at MongoHQ, it can happen to you. The importance of two-factor authentication and VPNs for support users
MongoHQ, the in-cloud database people, have put their hands up, very graciously as it happens, to a recent security breach of their hosted platform.
A MongoHQ employee (a Mongster?) used the same password for work as for one of his personal accounts, and that account was haxored by bad people.
The bad people then compromised the MongoHQ systems and had access to customers' databases.
The compromise was possible because the MongoHQ support application is visible to the Internet without being secured by a VPN or two-factor authentication. Very basic technology, easy to implement, easy to manage.
Usernames and passwords are of very limited use in public-facing systems, especially if your users are silly enough to use the same passwords throughout!
As well as educating your lovely users, ITC recommends the use of VPN tunnels to secure your connectivity to key systems, especially administrative systems, backed up with two-factor authentication.
ITC has recently become primary sponsor for the USA Tomahawks Rugby League team (next match vs Wales on Sunday), so if all else fails we can probably send them round to sort out the aforementioned bad boys.
If you would like to discuss this or any other exciting and interesting aspect of your information security, please do contact us on [email protected] or call 020 7517 3900!