---
title: "Nosql-based stacks exposed to the internet"
page_name: "NoSQL-based stacks exposed to the Internet"
type: "blog"
slug: "nosql-based-stacks"
published_at: "2020-05-27"
modified_at: "2025-05-09"
url: "https://www.sumologic.com/blog/nosql-based-stacks"
canonical: "https://www.sumologic.com/blog/nosql-based-stacks"
markdown_url: "https://www.sumologic.com/blog/nosql-based-stacks.md"
lang: "en"
excerpt: "NoSQL technology has become popular thanks to new open-source NoSQL databases."
taxonomy_blog_category:
  - "SecOps &amp; Security"
---

[ All blogs ](https://www.sumologic.com/blog "blog")[SecOps &amp; Security](https://www.sumologic.com/blog/secops-security)

# NoSQL-based stacks exposed to the Internet

[Kevin Stear](#blog-author-block-193)

May 27, 2020

2 min read 

[SecOps &amp; Security](https://www.sumologic.com/blog/secops-security)

##### Table of contents

 

 

 

NoSQL technology has become more popular in recent years thanks to the development of new open-source NoSQL databases that are relatively easy to install, use and integrate with web frameworks. An example of one of those popular frameworks on the internet is known as **[MEAN](https://en.wikipedia.org/wiki/MEAN_(software_bundle))** (MongoDb, Express.js, Angular.js, Node.js).

These NoSQL frameworks have become very popular for things such as content management, catalogs and big data in general. Some of the most popular NoSQL technologies include:

- **[MongoDB](https://www.mongodb.com/cloud/atlas/lp/general?jmp=search&utm_source=google&utm_campaign=Americas-US-MongoDB-to-Atlas-Brand-Alpha&utm_keyword=mongodb&utm_device=c&utm_network=g&utm_medium=cpc&utm_creative=257481955159&utm_matchtype=e&_bt=257481955159&_bk=mongodb&_bm=e&_bn=g&gclid=EAIaIQobChMIh_SArc3E2wIVCY9pCh3-wg5iEAAYASAAEgL63vD_BwE)**
- **[Redis](http://www.redis.io/)**
- **[Neo4j](https://neo4j.com/download-neo4j-now/?utm_source=google&utm_medium=ppc&utm_campaign=*NA%20-%20Search%20-%20Branded&utm_adgroup=*NA%20-%20Search%20-%20Branded%20-%20Neo4j%20-%20Exact&utm_term=neo4j&gclid=EAIaIQobChMI6NLSw83E2wIVBtbACh30cgkrEAAYASAAEgJj0fD_BwE)**
- **[HBASE](https://hbase.apache.org/)**
- **[Cassandra](http://cassandra.apache.org/)**

No-SQL databases are highly scalable and can process very large amounts of unstructured data. Many of these No-SQL databases have some of the largest data repositories on the internet, specifically **[Hadoop clusters](https://www.v3.co.uk/v3-uk/news/3011237/hadoop-servers-are-exposing-5pb-of-data-200-times-more-than-mongodb)**, which is an ecosystem of technologies where several No-SQL technologies are in place.

Perhaps by omission, or because many of these technologies are new, there does not seem to be an active effort in securing these huge data repositories actively exposed to the internet and plagued with security weaknesses, such as: lack of authentication, encryption and even at best case scenario with weak or default credentials.

The popularity of these frameworks makes them attractive for exploitation as malicious actors are constantly seeking resources for crime-driven operations such as spam, piracy, DDoS and profit-driven crypto mining. An example of the above is the recent report of **[California’s voter database](https://www.bleepingcomputer.com/news/security/california-voter-database-exposed-online-again-held-for-ransom-again/)** being compromised and held for ransom.

Although No-SQL frameworks are not as prevalent as SQL based frameworks (e.g. [**LAMP**](https://en.wikipedia.org/wiki/LAMP_(software_bundle))), Non-SQL frameworks are just as vulnerable and targeted as the SQL-based ones. The fact that these databases are often exposed to the Internet with default credentials (or no authentication) allows malicious actors to perform mass exploitation targeting such frameworks. Recent **[reports](https://www.helpnetsecurity.com/2018/06/01/redis-compromise/)** on a very large number of Redis servers exposed to the internet, and possibly compromised, indicate that malicious actors are using them for at-scale cryptocurrency mining operations.

### Article Tags

- [SecOps &amp; Security](https://www.sumologic.com/blog/secops-security)

Kevin Stear

[](https://www.sumologic.com/feed "RSS Feed")[](https://twitter.com/intent/tweet?text=NoSQL-based%20stacks%20exposed%20to%20the%20Internet&url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fnosql-based-stacks "X")[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fnosql-based-stacks "Facebook")[](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fnosql-based-stacks "Linkedin")

[Previous blog

Spam In the Browser](https://www.sumologic.com/blog/spam-in-the-browser)[Next blog

Utilizing Cloud SOAR to manage IT and OT and strengthen the cybersecurity posture](https://www.sumologic.com/blog/utilizing-cloud-soar-to-manage-it-and-ot-systems-and-strengthen-the-cyber-security-posture)

People who read this also enjoyed

[  

AI across the security lifecycle

June 18, 2026

 

 ](https://www.sumologic.com/blog/ai-across-security-lifecycle)[  

Balance AI innovation and governance with Sumo Logic AI and ML apps

June 10, 2026

 

 ](https://www.sumologic.com/blog/sumo-logic-ai-ml-apps-governance)[  

Sumo Logic AWS Region European Sovereign Cloud is now generally available

June 2, 2026

 

 ](https://www.sumologic.com/blog/sumo-logic-aws-region-european-sovereign-cloud-generally-available)[  

How digital banking is redefining fraud prevention

May 28, 2026

 ](https://www.sumologic.com/blog/digital-banking-redefining-fraud-prevention)

[AI Instructions](https://www.sumologic.com/ai-instructions.md)