3 min read

On Friday, DockerHub informed its users of a security breach in its database, via email written by Kent Lamb, Director of Docker Support. The breach exposed sensitive information including some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories, for approximately 190K users. The company said this number is only five percent of DockerHub’s entire user base.

Lamb highlighted that the security incident which took place a day prior, i.e. on April 25, where the company discovered unauthorized access to a single Hub database storing a subset of non-financial user data.

“For users with autobuilds that may have been impacted, we have revoked GitHub tokens and access keys, and ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place,” Lamb said in his email.

The GitHub and Bitbucket access tokens stored in Docker Hub allow developers to modify their project’s code and also help in auto building the images on Docker Hub. In cases where a third-party gains access to these tokens would allow them to gain access to code within the private repositories. They can also easily modify it depending on the permissions stored in the token.

Misusing these tokens to modify code and deploy compromised images can lead to serious supply-chain attacks as Docker Hub images are commonly utilized in server configurations and applications.

“A vast majority of Docker Hub users are employees inside large companies, who may be using their accounts to auto-build containers that they then deploy in live production environments.

A user who fails to change his account password and may have their accounts autobuilds modified to include malware”, ZDNet reports.

Meanwhile, the company has asked users to change their password on Docker Hub and any other accounts that shared this password. For users with autobuilds that may have been impacted, the company has revoked GitHub tokens and access keys, and asked the users to reconnect to their repositories and check security logs to see if any unexpected actions have taken place.

Mentioning DockerHub’s security exposure, a post on Microsoft website mentions, “While initial information led people to believe the hashes of the accounts could lead to image:tags being updated with vulnerabilities, including official and microsoft/ org images, this was not the case. Microsoft has confirmed that the official Microsoft images hosted in Docker Hub have not been compromised.”

Docker said that it is enhancing the overall security processes and also that it is still investigating the incident and will share details when available.

A user on HackerNews commented, “I find it frustrating that they are not stating when exactly did the breach occur. The message implies that they know, due to the “brief period” claim, but they are not explicitly stating one of the most important facts. No mention in the FAQ either.

I’m guessing that they are either not quite certain about the exact timing and duration, or that the brief period was actually embarrassingly long.”

To know more about this news, head over to the official DockerHub post.

Read Next

Hacker destroys Iranian cyber-espionage data; leaks source code of APT34’s hacking tools on Telegram

Liz Fong-Jones on how to secure SSH with Two Factor Authentication (2FA)

WannaCry hero, Marcus Hutchins pleads guilty to malware charges; may face upto 10 years in prison

Savia Lobo
A Data science fanatic. Loves to be updated with the tech happenings around the globe. Loves singing and composing songs. Believes in putting the art in smart.