Docker Hub database access compromises 190,000 accounts

News by Doug Olenick

Company claims that no images were compromised

Docker Hub reported a single database was accessed by an unauthorised user on 25 April exposing 190,000 accounts.

The company did not indicate how the database was accessed, but it is asking users to reset their Docker Hub password. The exposed information included usernames and hashed passwords for a small percentage of users as well as GitHub and Bitbucket tokens for Docker autobuilds. The company has revoked all these tokens and in cases where the password hash was potentially exposed the company is forcing a password reset.

"No Official Images have been compromised. We have additional security measures in place for our Official Images including GPG signatures on git commits as well as Notary signing to ensure the integrity of each image," Docker said in a statement.

The 190,000 impacted accounts represent about five per cent of the Docker Hub user base.

"Because Docker didn’t provide a specific timeline for this breach, no one knows how long ago the unauthorised access occurred. As with most breaches, the perpetrators may have had access to compromised resources significantly longer than just last week. To be safe, you should verify recently pushed images going back over the past several weeks. Doing this audit can be difficult as not every registry will let you filter the data by image age," said Wei Lien Dang, Vice President of Product at StackRox.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike