Docker Hub reported a single database was accessed by an unauthorized user on April 25 exposing 190,000 accounts.
The company did not indicate how the database was accessed, but it is asking users to reset their Docker Hub password. Exposed information included usernames and hashed passwords for a small percentage of users as well as GitHub and Bitbucket tokens for Docker autobuilds. The company has revoked all these tokens and in cases where the password hash was potentially exposed the company is forcing a password reset.
“No Official Images have been compromised. We have
additional security measures in place for our Official Images including GPG
signatures on git commits as well as Notary signing to ensure the integrity of
each image,” Docker said in a statement.
Please register to continue.
Already registered? Log in.
Once you register, you’ll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.