Docker Hub Breach Exposes 190K Users

Docker Hub Breach Exposes 190K Users

Docker Hub has suffered a major security breach exposing around 190,000 accounts, the firm revealed to its users over the weekend.

According to an email to customers shared online, the world's largest container image library discovered unauthorized access to its platform last Thursday. The database in question is said to have stored a “subset of non-financial user data.”

“During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users),” the notice from director of Docker Support, Kent Lamb, continued.

“Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.”

The firm is now requiring affected users to change their password for Docker Hub, and any other accounts it may have been used to secure.

It said users can view security actions on their GitHub or Bitbucket accounts to check for any suspicious activity.

“For users with autobuilds that may have been impacted, we have revoked GitHub tokens and access keys, and ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place,” Lamb added.

With access to users’ autobuilds, hackers could theoretically add malware to containers, which could then be deployed in live environments.

Microsoft was quick to point out that its images weren’t affected by the incident.

This isn’t the first time Docker Hub has come under scrutiny for its security practices.

Last June, security vendor Kromtech claimed to have found 17 malicious docker images stored on Docker Hub for an entire year, resulting in over five million downloads which enabled the malware authors to make $90,000 from illegal cryptomining.

Source: Information Security Magazine