Unauthorized access to Docker Hub database

On Thursday April 25th 2019 Docker Hub discovered unauthorized access to a single Docker Hub database storing a subset of non-financial user data. Upon discovery, they acted quickly to intervene and secure the site.

For all Docker Hub users, there is no action required to preserve your security. A password reset link has been sent to any users who potentially had their password hash exposed. Users who have autobuilds who have had their GitHub or Bitbucket repositories unlinked will need to relink those repositories.

Details From Docker Hub Website

During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as GitHub and Bitbucket tokens for Docker autobuilds.

We are enhancing our overall security processes and reviewing our policies. Additional monitoring tools are now in place.

Further details – https://success.docker.com/article/docker-hub-user-notification

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: