[insanitybit]

Nice and to the point, makes it clear that this is early, explains the current scope, tells us to expect a follow up as the information makes its way to them.

I like this tbh and I hope people won't punish them for not including more info when this is clearly in the early days of investigation.

[webappguy]

It was only DETECTED on the 13th, and they suspect had been going on 'for some time'. And basically not sure if user data was touched but they suspect or haven't provided it yet buly saying'NOT'.

I want answers.

[insanitybit]

Yes, usually breaches take time to detect, and usually the attackers are around for a while first.

I'm sure they want answers too, but they're working on it, and this is what they have right now.

[rezonant]

Your options are: (A) Vendor waits until all the facts are in place and the investigation is finished or (B) Vendor tells customers as early as practical so they can take their own mitigation steps.

You do not have the option of (C) Vendor should tell me about a breach they don't yet know about.

[sigzero]

How does it feel to want? They are doing their due diligence currently.

[abrookewood]

Give them some time.

[infamouscow]

Agreed.

For all the shit MongoDB gets, this is something that people should take a step back and recognize as very high in integrity, transparency, and trust.

Other businesses should follow their lead here.

I'm more inclined to do business with MongoDB because they've demonstrated these principles first-hand.

[rezonant]

I don't use Atlas but I do use self hosted MongoDB, and have been pretty happy with that product. I have the impression that a lot of the dirt slung at Mongo was about unreliability and data loss of the core product early on, which (knock on wood) hasn't been a problem for me on the small to medium scale use cases I've deployed it on. Seems reliability has taken a lot of positive strides over the years.