Docker notified its users that an unauthorized entity gained access to a Docker Hub database that exposed sensitive information for roughly 190,000 users.
The exposed information included some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories.
The tokens allow development teams to automatically re-build their images on Docker Hub.
The exposure of the token could allow an attacker to modify an image and rebuild it depending on the permissions stored in the token, a typical supply chain attack scenario.
Docker was informed of the unauthorized access to a Hub database on April 25th, 2019.
“On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data. Upon discovery, we acted quickly to intervene and secure the site.” reads the data breach notice sent to the impacted users via email.
“During a brief period of unauthorized access to a Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker
The organization confirmed to have already revoked all the exposed tokens and access keys.
“it is important for developers who used Docker Hub autobuild to check their project’s repositories for unauthorized access. ” reads a blog post published by Bleeping computer that first reported the news. “Even worse, with these notices coming late on a Friday night, developers potentially have a long night ahead of them as they assess their code.
The test of the data breach notification notice is available here:
Maintainers of the open source project are asking users to change their password on Docker Hub and any other accounts that shared the same credentials.