190,000 Docker Hub user names and passwords exposed in security breach

Bitbucket and Github access tokens for Docker autobuilds also exposed

Docker, the company behind the popular containerisation app, has admitted to a breach of its Hub database of container images, exposing the details of approximately 190,000 users.

Docker Hub is the default cloud-based registry where Docker implementations look for images. It is used by thousands of developers and companies all across the world.

Docker first detected the hack on 25^th April and then revealed the details about it in email to customers and users of Docker Hub.

Bitbucket and Github access tokens for Docker autobuilds were also exposed during the incident

In the message, the company said that the attackers could have stolen user names and hashed passwords for about 190,000 users - nearly five per cent of Docker Hub's entire userbase. Bitbucket and Github access tokens for Docker autobuilds were also exposed during the incident.

Using these tokens, developers can modify the code of their project and can then autobuild the image on Docker Hub. An attacker, after getting access to tokens, could easily access a private repositories code and modify it depending on the permissions provided.

Because Hub images are frequently used in server configurations, changing the code and deploying compromised images could further lead to deeper supply-chain attacks.

Using these tokens, developers can modify the code of their project and can then autobuild the image on Docker Hub

Docket informed users that it revoked all access token to the accounts whose data might have been exposed during the attack. It also asked users to immediately change their password on Docker Hub as well as on other accounts, which shared this password.

The company advised users to reconnect to their repositories and check security logs to see if any unexpected activity was carried out from their accounts.

No Official Images were compromised during the attack, according to Docker.

"We have additional security measures in place for our Official Images including GPG signatures on git commits as well as Notary signing to ensure the integrity of each image," it revealed.

Docker has not yet provided any information about the attackers, but it appears that someone probably stole credentials to a privileged account and gained access to the Hub database.

The company said it is investigating the attack and will share more details about the incident, when available.

Delta is a new market intelligence service from Computing to help CIOs and other IT decision makers make smarter purchasing decisions - decisions informed by the knowledge and experience of other CIOs and IT decision makers.

Delta is free from vendor sponsorship or influence of any kind, and is guided by a steering committee of well-known CIOs, such as Charles Ewen, Christina Scott, Steve Capper and Laura Meyer.

Ten crucial technology areas are already covered at launch, with more data appearing and more areas being covered every week. Sign-up here for your free trial of the Computing Delta website.