Docker Hub Compromised, Users Urged to Reset Passwords, Tokens

Some users of the Docker Hub container registry need to change their credentials, inspect their logs and reboot their autobuilds, as Docker has disclosed that an unknown party temporarily gained unauthorized entry to a Docker Hub database, and was able to access sensitive data from approximately 190,000 accounts.
In addition to Docker Hub accounts, the breach has potentially compromised some associated BitBucket and GitHub accounts for these users.
“On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data. Upon discovery, we acted quickly to intervene and secure the site,” wrote Kent Lamb, Docker director of support, in an email sent to Docker Hub users Thursday. The company notified users who were affected by the breach on Thursday.
Exposed data included usernames and hashed passwords for a subset of these users. Github and Bitbucket tokens, used for Docker autobuilds, were also exposed. The company has already revoked GitHub tokens and access keys of affected users. Ongoing builds from the company’s automated build service may have also been disabled.
Docker advised those impacted by the breach to take the following actions:
- Change their passwords on Docker Hub and any other accounts that shared this password.
- Users with autobuilds that were impacted should reconnect to their repositories and check security logs for unexpected actions.
- Inspect security actions on GitHub or BitBucket accounts for any unexpected access that may have occurred since Thursday.
- Those running automated builds may need to unlink and then relink the Github and Bitbucket source providers.
As of Saturday, Docker has not disclosed any additional information on its web site. About 5% of Docker Hub’s total user base has been directly affected by the breach, according to the company.
“To help prevent something like this from happening in the future, we are enhancing our overall security processes and reviewing our policies. Additional monitoring tools are now in place,” wrote Docker Chief Technology Officer Kal De in a statement.
Those with additional questions can email Docker Support at info@docker.com.