Just found that my mongodb instance on an EC2 instance was hacked.
Yes, I used no password - my bad - but no probs - no great loss, so pppffffttt to you email@example.com
Seriously though, set up authentication, maybe even change the port that mongod listens on, or use a 3rd party db host like mLab or something.
Once bitten, twice shy.
I opened my EC2 security group for port 27017 from 0.0.0.0 (anywhere) so I could connect to the mongo database from home (using MongoChef) - because its easy to develop against the real db.
One shouldn't do it that way, but there you go ....