A zero day MongoDB security vulnerability (CVE-2013-1892) was discovered by the folks at SCRT.
10gen has patched Mongodb to fix this issue. ObjectRocket is integrating this patch into our version of MongoDB and we will begin rolling this out to customers. All new instances and shards will have this patch integrated into it.
ObjectRocket takes security very seriously. Every instance requires an ACL for access above and beyond native MongoDB security as well as all connections can be SSL enabled. We are recommending this patch across the board. Customers will be contacted by support as this patch is rolled out.
Questions and concerns can be routed through support.