Any handy tips of checking if we are victims?
https://krebsonsecurity.com/2015/12/13-million-mackeeper-users-exposed/
You could use any one of the numerous online port scanners to scan your mongodb ports (whatever you’ve configured them to be) and if you find you can connect on that port,
- either move that to a private network
- or secure it with access credentials
If you are using a service that privdes you mongodb hosting, ask them if the concerns outlined in this article applies to your databases.