UPDATED 20:25 EDT / APRIL 28 2019

SECURITY

190,000 user accounts exposed in hack of Docker Hub database

A Docker Hub database has been hacked, exposing data relating to about 190,000 users.

The unauthorized access was detected on April 25, and Docker moved quickly to intervene and secure the database.

Docker Hub is a library and community for container images, hosting over 100,000 container images from software vendors, open-source projects and the broader Docker community. The single database that was accessed is described as storing nonfinancial data, but it included usernames and hashed passwords as well as GitHub and Bitbucket tokens used for Docker autobuilds.

The theft of usernames is bad enough, but the biggest risk comes from the token theft. The GitHub and Bitbucket access tokens link a project's source repository to Docker Hub so that changes to the code are automatically built into images there.

Should the person or group behind the hack have gained access to these tokens, it could allow them to modify source code and the images built from it on Docker Hub, with consequences for everyone who pulls those images from the service.

Docker said in a user notification that it has revoked the tokens and access keys, stopping further unauthorized access. But risk remains, since there was a gap between when the hack took place and when Docker acted. “We ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place,” Docker wrote.
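One concrete way to act on that advice is to compare what Docker Hub currently serves for each tag against the digests your own CI recorded when it built them, and to flag any tag pushed inside the suspect window. The script below is an added example for this article, not Docker's tooling; the sample tag listing and pinned digests are constructed inline, the field names (name, last_updated, images[].digest) are an assumption about the shape of the Hub's v2 tag listing, and the window start is a placeholder because the article only gives the April 25 detection date.

```python
import json
from datetime import datetime, timezone

# Constructed sample, shaped like a Docker Hub v2 tag listing for one repository.
# The field names (name / last_updated / images[].digest) are an assumption.
_SAMPLE_TAGS = {
    "count": 3,
    "results": [
        {"name": "1.4.2", "last_updated": "2019-04-10T09:12:00.000000Z",
         "images": [{"architecture": "amd64", "digest": "sha256:" + "a" * 64}]},
        {"name": "latest", "last_updated": "2019-04-24T03:41:17.000000Z",
         "images": [{"architecture": "amd64", "digest": "sha256:" + "b" * 64}]},
        {"name": "1.5.0-rc1", "last_updated": "2019-04-24T03:45:02Z",
         "images": [{"architecture": "amd64", "digest": "sha256:" + "c" * 64}]},
    ],
}
HUB_TAGS_JSON = json.dumps(_SAMPLE_TAGS)

# Digests the team's own CI recorded at build time (constructed). The "latest"
# entry deliberately disagrees with what the Hub now serves.
PINNED_DIGESTS = {
    "1.4.2": "sha256:" + "a" * 64,
    "latest": "sha256:" + "d" * 64,
}

# Docker said the access was detected on April 25, 2019; when it began is not
# known, so the start of this review window is an assumption for illustration.
WINDOW_START = datetime(2019, 4, 18, tzinfo=timezone.utc)
WINDOW_END = datetime(2019, 4, 26, tzinfo=timezone.utc)


def parse_hub_time(value):
    """Parse an ISO-8601 UTC timestamp with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unrecognised timestamp: %r" % value)


def audit_tags(hub_json, pinned, window_start, window_end):
    """Return sorted (tag, issue, detail) findings for a Hub tag listing.

    DIGEST_MISMATCH: the Hub serves a different image than the one we built.
    UNPINNED_TAG:    a tag exists that our build records never produced.
    PUSHED_IN_WINDOW: the tag was updated inside the suspect window.
    MISSING_TAG:     a tag we built is no longer listed.
    """
    findings = []
    seen = set()
    for tag in json.loads(hub_json)["results"]:
        name = tag["name"]
        seen.add(name)
        digests = {img["digest"] for img in tag.get("images", [])}
        updated = parse_hub_time(tag["last_updated"])
        if name not in pinned:
            findings.append((name, "UNPINNED_TAG", "no build record for this tag"))
        elif pinned[name] not in digests:
            findings.append((name, "DIGEST_MISMATCH",
                             "expected %s, hub serves %s" % (pinned[name], sorted(digests))))
        if window_start <= updated <= window_end:
            findings.append((name, "PUSHED_IN_WINDOW", tag["last_updated"]))
    for name in sorted(set(pinned) - seen):
        findings.append((name, "MISSING_TAG", "pinned tag no longer listed"))
    return sorted(findings)


def issues_for(findings, tag):
    """Set of issue codes raised for one tag."""
    return {issue for t, issue, _ in findings if t == tag}


if __name__ == "__main__":
    for tag, issue, detail in audit_tags(HUB_TAGS_JSON, PINNED_DIGESTS,
                                         WINDOW_START, WINDOW_END):
        print("%-12s %-18s %s" % (tag, issue, detail))
```

A stolen autobuild token lets an attacker trigger a fresh build under an existing tag, so the tag name stays the same while the digest changes; that is exactly the DIGEST_MISMATCH case, and it is why production deployments should pin images by digest rather than by mutable tag. In real use, replace the constructed sample with the JSON returned by the Hub for your repository and the pinned digests with the values your CI logged.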

As ZDNet pointed out, “while only 190,000 seems a small breach, it is not. A vast majority of Docker Hub users are employees inside large companies, who may be using their accounts to auto-build containers that they then deploy in live production environments.”

Docker noted that it had contacted all affected users and that it continues to investigate how the hack took place. “We are enhancing our overall security processes and reviewing our policies. Additional monitoring tools are now in place,” the company said.

Users are also advised to change their password on Docker Hub and on any accounts that shared the same password as a precaution.

Photo: Buonasera/Wikimedia Commons
