Docker Hub breach exposes 190k acccounts

Docker Hub has suffered a major security breach exposing the details of around 190,000 accounts.

The firm said in an email sent to customers over the weekend, which was eventually shared online, that it had discovered unauthorised access on its Docker database last Thursday (April. 25th).  In the message, Docker said the database reportedly contained a “subset of non-financial user data.”

Sensitive data

“During a brief period of unauthorised access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users),” said Kent lamb, the director of Docker Support.

“Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.”

It remains unclear how the breach occurred or how long the hackers had access to the company’s database.

Docker Hub is a repository for users to find free Docker images on the Docker container application. Its container technology allows developers to build, package, and deploy applications.

While the Docker Hub contains a variety of different container images, the company claims that none of its Official Images were compromised during the attack.

“We have additional security measures in place for our Official Images including GPG signatures on git commits as well as Notary signing to ensure the integrity of each image,” the company said.

Docker said “no action is required” for regular Dock Hub users.

Password reset

“A password reset link has been sent to any users who potentially had their password hash exposed,” said Docker.

However, for DevOps teams which that use GitHub and Bitbucket to automatically build code at periodic interval, containers images are often deployed automatically to Docker Hub as part of the whole process.

“Users who have autobuilds who have had their GitHub or Bitbucket repositories unlinked will need to relink those repositories,” said Docker.

Docker said it is still investigating the incident and will share more information about the attack, when available.