Sat. Jun 6th, 2020

Hackers Breach Docker Hub Database and Expose 190,000 Accounts

Docker Hub, a company that makes software programming tools used by big tech companies, said that hackers accessed one of its databases.


On Friday, the company sent a notice to customers, via email, saying:

“On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data.” Upon further investigation, it was discovered that the database included sensitive information for approximately 190,000 users.


Even worse, the stolen information also included “usernames and hashed passwords for a small percentage of these users, as well as GitHub and Bitbucket tokens for Docker autobuilds.”


Although Docker is still investigating the breach, the stolen access keys and tokens could have given hackers access to critical private code repositories and the ability to inject malicious code into software autobuilt by Docker.


According to Vice, Jeremy Galloway, a security researcher at Atlassian — one of the companies that use Docker — said:

“Although the breach only exposed 190,000 users, the tokens and keys exposed are routinely used for auto-building critical software for companies and for accessing their private code repositories. It’s likely that attackers compromised Docker Hub simply as a means to an end to gain access to hundreds or thousands of other sensitive targets.” 


Those other targets include companies such as PayPal and Splunk. Developers at companies such as Google and Facebook also use Docker.


While Docker stated that they’ve already revoked all exposed tokens and access keys, they are asking impacted users and customers to reset their passwords.