Docker Hub Database hacked, 190,000 users impacted

Docker became aware of unauthorized access to a Docker Hub database that exposed sensitive information for roughly 190,000 users.

Docker notified its users that an unauthorized entity gained access to a Docker Hub database that exposed sensitive information for roughly 190,000 users.

The exposed information included some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories.
The tokens allow development teams to automatically re-build their images on Docker Hub.

The exposure of the token could allow an attacker to modify an image and rebuild it depending on the permissions stored in the token, a typical supply chain attack scenario.

Docker was informed of the unauthorized access to a Hub database on April 25th, 2019.

“On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data. Upon discovery, we acted quickly to intervene and secure the site.” reads the data breach notice sent to the impacted users via email.

“During a brief period of unauthorized access to a Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.”

The organization confirmed to have already revoked all the exposed tokens and access keys.

“it is important for developers who used Docker Hub autobuild to check their project’s repositories for unauthorized access. ” reads a blog post published by Bleeping computer that first reported the news. “Even worse, with these notices coming late on a Friday night, developers potentially have a long night ahead of them as they assess their code.

The test of the data breach notification notice is available here:

https://news.ycombinator.com/item?id=19763413

Maintainers of the open source project are asking users to change their password on Docker Hub and any other accounts that shared the same credentials.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.