The platform is hacked. After connecting my MongoDB, it wiped out all my data and left a message asking to send BTC to an address to recover it.
My MongoDB was closed to localhost. I created a user to be able to connect from make.com and opened the firewall. The logs show a connection from Ireland, which is the server from make.com; that connection dropped all my databases and left that message.
I have lost months of data, I can’t believe it. This has cost me a lot of money. I’m really upset.
Hey @Fran_Sanchez, this is something very serious if it’s true.
Can you forward the Make Support team more information?
Definitely reach out to Make support directly. They have some internal logging, but it’s never been made clear how detailed those logs are. And they are unfortunately 100% not available to us from within Make.
@Fran_Sanchez thanks for writing here. Please reach out to our support, they can help you. Please provide as many details as possible.
I just checked your email in haveibeenpwned and it seems to be on the list and previously pwned. Please make sure to change all your passwords. Everyone, please be advised to use 2FA as a best security standard.
haveibeenpwned has nothing to do with this. I had created a user to be used JUST for the make.com platform, and that password has never been sent out anywhere or could have been leaked anywhere. As you can see in the logs, the European IP (I chose Europe when setting up the make.com account) is the one providing auth to the connection that ultimately wiped my databases and asked for a ransom, just minutes after that user was created!
The fact that you bring up haveibeenpwned is almost laughable.
Celonis has taken this very seriously and put in the time and effort to understand what exactly happened. By reviewing additional logs, which have been valuable in determining whether there was any exposure for Make or not, our security team has reviewed the available data and did not find any evidence of compromise from Make.