rising number of hacking incidents, Docker Hub, the official repository of container images, has e-mailed its customers about a security incident involving a major data breach. The company has announced that hackers had access to a portion of its database for a short period of time. However, the hackers have managed to take away the data of approximately 1.9 lakh users. This number is just 5% of Docker’s entire user base.
It is unclear if the hackers downloaded any user data from the Docker Hub server, but if they did, they may have gained access to Docker Hub usernames, hashed passwords, and the GitHub and Bitbucket tokens that are generally used for auto-building Docker container images.
In an email announcement, Kent Lamb, the Director of Docker Support, said, “On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data. For users with autobuilds that may have been impacted, we have revoked GitHub tokens and access keys, and ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place.”
Docker users are advised to review their GitHub and Bitbucket account logins for any unauthorised access from an unknown IP address. The number of affected users may seem small at a glance, but these users are employees of large companies across the world. If they are using auto-build containers deployed in live production environments, the impact of this breach can be huge.
If users fail to change their account passwords, they may have their account autobuilds modified to include malware. The company said that it is investigating the incident and will share details as soon as they are available.
Another potential risk is that the hackers can bypass two-factor authentication on GitHub code repositories by using the stolen access tokens and keys.