Data Breaches

Docker Hub Database hack impacted 190,000 users


Docker Hub which is the official repository for Docker container images suffered a security breach on Friday night. The breach came into notice when the company started emailing customers regarding a security incident which occurred a day earlier on April 25.

Director of Docker Support, Kent Lamb stated that they found unauthorized access to a single Hub database storing a subset of non-financial user data on 25th of April. The hackers managed to access the database only for a very short time but within that time the data of around 190,000 users had been exposed. However, this is just only five percent of Docker Hub’s entire userbase.

It is not sure whether the hackers have downloaded any user data from this Docker Hub server. If they have done so, then it is possible to know the Docker Hub user names, hashed passwords, and Github and Bitbucket tokens used for auto-building Docker container images.

All the affected users are being notified regarding the breach and are requested to change their passwords at the earliest.

According to the email sent to the customers, the company have revoked GitHub tokens and access keys for the affected users with autobuilds. They are also asked to reconnect to their repositories and check security logs to find for any unexpected activities.

The users are also requested to check the logs of their GitHub and Bitbucket account login for any unauthorized access from unknown IP addresses.

This breach however cannot be considered as a small one though. A huge majority of Docker Hub users are employees of large firms who uses their account to auto-build containers which they then deploy in live production environments.

Any user who fails to change his account password may have their accounts autobuilds modified to include malware.

Docker is currently investigating about the incident and further details regarding the issue will be shared later. The news of the security incident was not disclosed on the company’s website, but was only sent out through email.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    GoDaddy removes 15,000 subdomains used for online scams

    Previous article

    Crypto Mining Malware uses leaked NSA Hacking Tools

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *