The MongoDB Exploit with Niall Merrigan - RunAsRadio
"...the challenge is that the default security models for many of these products (MongoDb, ElasticSearch, etc.) leaves them vulnerable to outside attack."
Years ago SQL Sever had same issue with default admin "sa" account's empty password.
a security tool suggested in podcast:
"Shodan is the world's first search engine for Internet-connected devices."