To start with a pretty interesting story: two MongoDB instances of a programmer mate of mine got hacked within a single day…
Luckily, backups had been made, which prevented major data loss, but the hashed information such as usernames and passwords is gone. After hours of reading documentation and articles from so-called experts, I found huge mistakes in the MongoDB default configuration.
For example, a stock MongoDB instance listens on port 27017 and does not use authentication: access control is off unless the configuration enables it, so anyone who can reach the port gets full read and write access to every database. Big hosting companies such as hosteurope also make it pretty easy to reach, or at least ping, the database, because the default port is reachable from the internet instead of being bound only to localhost (127.0.0.1). Note that since MongoDB 3.6 the mongod and mongos binaries bind to localhost by default, but older releases listened on all interfaces, and in either case nothing is enforced until the configuration sets it explicitly.
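To make the two default-configuration problems above concrete, here is an added audit script (my own example, not code from the post or from MongoDB) that reads a mongod.conf, checks whether `security.authorization` is enabled and whether `net.bindIp` reaches beyond the loopback interface, and reports both the weak and the hardened form of the file. The two config texts are constructed samples; the parser only handles the small YAML subset that mongod.conf actually uses (nested mappings, scalar values, `#` comments), which is an assumption you should keep in mind for exotic files.

```python
"""Audit a mongod.conf for the exposure described above: no access control
and a bindIp that listens on non-loopback interfaces.

Added example; the sample configs below are constructed, not taken from a
real host. The parser covers the YAML subset mongod.conf uses (2-space
indented mappings, scalar values, '#' comments); a '#' inside a quoted
value would be mis-read, which is acceptable for this audit."""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed: what a stock-looking config on an older install tends to be.
WEAK_CONF = """
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

# Constructed: same server, bound to loopback with authorization enabled.
HARDENED_CONF = """
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""


def parse_mongod_conf(text):
    """Return nested dicts for the indentation-based mapping in `text`."""
    root = {}
    stack = [(-1, root)]          # (indent level, mapping at that level)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # strip comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        while indent <= stack[-1][0]:          # climb back out of nested maps
            stack.pop()
        parent = stack[-1][1]
        if value == "":                        # 'key:' opens a nested mapping
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def audit(conf):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    net = conf.get("net", {})
    security = conf.get("security", {})

    if security.get("authorization") != "enabled":
        findings.append("security.authorization is not 'enabled': anyone who "
                        "can reach the port can read and write every database")

    if net.get("bindIpAll", "").lower() == "true":
        findings.append("net.bindIpAll is true: mongod listens on all interfaces")
    bind = net.get("bindIp")
    if bind is None:
        # MongoDB < 3.6 listened on all interfaces when bindIp was unset;
        # 3.6+ binds to localhost. Either way, set it explicitly.
        findings.append("net.bindIp is not set: relies on the version default "
                        "(all interfaces before MongoDB 3.6); set it explicitly")
    else:
        public = [a.strip() for a in bind.split(",") if a.strip() not in LOOPBACK]
        if public:
            findings.append(f"net.bindIp listens on non-loopback addresses "
                            f"{public}: reachable from the network")
    return findings


def audit_text(text):
    """Convenience wrapper: parse and audit a config file's contents."""
    return audit(parse_mongod_conf(text))


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = audit_text(text)
        print(f"{name}: {'OK' if not result else ''}")
        for f in result:
            print("  -", f)
```

Run it against `/etc/mongod.conf` by replacing the sample text with `open(path).read()`. When you turn on `security.authorization`, create the first administrative user in the `admin` database first (with `db.createUser` over the localhost exception, or before restarting with authorization on), otherwise you lock yourself out along with the attackers. Moving the port away from 27017 is not a fix on its own; a scanner finds it in seconds, whereas a loopback bind plus authorization closes the hole.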