I just realized that I have been connecting (sending user name and password) to my production MongoDB database for several weeks using MongoChef (a database GUI) without the SSL option enabled. I recently switched to MongoChef from a different GUI, and totally forgot to enable SSL.
I'm reasonably confident that no one on my local network was sniffing (all people I trust). I'm mostly worried about someone, somewhere on one of the ISP devices in between me and the database was listening and collecting data that could be valuable.
I'm wondering if there is anyway to quantify the risk? And is there anyway anyone can think of for me to determine if I have been compromised. If it makes any difference, the datacenter I was connecting to is in a neighboring region of the country.
Thanks