On Thursday, April 25th, 2019, there was unauthorized access to a single Docker Hub database storing a subset of non-financial user data (approximately 190,000 users had been exposed).Docker has reacted quickly to minimize/nullify the risk of attackers misusing the data,in this post we take look at key points about attack & further steps.
Quick recap on what is Docker Hub:
Docker Hub is a service provided by Docker for finding and sharing container images across teams/organizations/or with Docker community. Following are key features:
- Image Repository: It allows you to share container images across teams/organizations, or with Docker community,Container Images can be Pushed and pulled using docker client.
- Official Images: Pull and use high-quality container images provided by Docker.
- Publisher Images: Pull and use high-quality container images provided by external vendors.
- Automated Builds: You can automatically build container images from GitHub and Bitbucket and push them to Docker Hub.
- Webhooks: Trigger actions after a successful push to a repository to integrate Docker Hub with other services.
Key points about attack & further steps:
- Sensitive data from approximately 190,000 accounts may have been exposed (~ 5% of Hub users).
- Data includes usernames and hashed passwords, as well as GitHub and Bitbucket tokens for Docker autobuilds. Users who have enabled autobuilds, respective repositories has been unlinked.Tokens has also been revoked to protect from attack.
- For users with autobuilds that may have been impacted, GitHub tokens and access keys have been revoked. This means your autobuilds will fail, unlink & relink as required.Also review GitHub and Bitbucket account login logs for any unauthorized access from unknown IP addresses.
- No Official Images have been compromised. There are additional security measures in place for Official Images that includes GPG signatures on git commits as well as Notary signing to ensure the integrity of each image.Notary is a tool for publishing and managing trusted images,checkout more here.
- A password reset link has been sent to users who potentially had their password hash exposed.For other Docker Hub users, there is NO action required.
Please reach out [email protected] for any questions/support.
Check out Docker Official Notification here