- MongoDB 4.2 introduces mandatory encryption for user PII (personally identifiable information), passwords, and credentials.
- The encryption will take place on local storage, with the keys remaining there.
- The server will only store ciphered entries, and no plain-text data will be present online.
The MongoDB team announced a new feature that landed with the MongoDB 4.2 release that is going to alleviate a common headache for database owners, administrators, and people who find themselves in these data sets, either knowingly or not. This feature is the end-to-end field level encryption (FLE) that makes sure that the sensitive data of the entries are encrypted, and only get decrypted on the client side. What this basically means is that there can be no plain-text form database entries anymore, so even if the database is accessed by hackers, they will not be able to read its contents.
We have been reporting incidents that concern unprotected MongoDB databases containing the PII of millions on a weekly basis for a long time now. In many of these cases, the passwords and login credentials of users of online platforms were stored unhashed, so they were readable in plain-text form. Having a database that is non-secured means that hackers can easily locate it via a Shodan search for example, and then grab the login credentials of thousands or even millions of people and sell them on the Dark Web. This has been going on for too long to hope that database owners will get more responsible and careful, so MongoDB decided that it was time to do something about it.
With FLE, the encryption is taking place at the driver level and the server just accepts the entries. If the data needs to be decrypted again to be used, this will take place at the client level. The encryption keys stay on the driver and never reach the server, so there is no way for an attacker to decrypt the data even if accessed. The MongoDB team also points out that the management of the database entries becomes more comfortable now, as deleting user information is the equivalent of removing the locally stored keys. For starters, the MongoDB will be compatible with the AWS Key Management Service, but support for MS Azure Key Vault and Google Cloud services is set to follow soon.
This change will not help secure databases from getting accessed by hackers, but at least make the data not readable and thus non-usable. If something is to change in the database owners’ mindset is that they will get even more neglectful and careless. However, accessing encrypted data without having the keys is expected to make database searching and breaching a lot less appealing to the attackers, so this is bound to have a positive impact in terms of security.