by AdrianSetter 2829 days ago
> On Monday, a security researcher specialized in finding exposed databases has identified an unsecured MongoDB server that was leaking the personal details of nearly 11 million users.

More accurate title: "Unsecured MongoDB server contains 11M user records"

MongoDB has terrible security defaults, but the software itself is not "leaking" anything; this instance has just not been properly configured.

Now I'm not saying MongoDB is blame-free, they can certainly make it better, but the blame is on both the user and the software.

1 comments

I think it was a terrible decision to have no authentication as default from the MongoDB people, but it was literally one of the first things the documentation made clear. And even without documentation, just setting up the connection should be hint enough that you need to set a password.

The blame lies only on those who set up an unsecured MongoDB in a production environment.