Docker Hub hack exposed data of 190,000 users
Docker Hub, the official repository for Docker container images, has announced a security breach on late Friday night.
The breach came to light after the company started emailing customers about a security incident that took place a day earlier on April 25.
"On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data," said Kent Lamb, Director of Docker Support.
Docker says the hacker had access to this database only for a short moment, but data for approximately 190,000 users had been exposed. The company said this number is only five percent of Docker Hub's entire userbase.
It is unclear if the hacker downloaded any user data from this Docker Hub server, but if he did, he may have gained access to Docker Hub user names, hashed passwords, and Github and Bitbucket tokens used for auto-building Docker container images.
Docker is now notifying users and prompting a password reset.
"For users with autobuilds that may have been impacted, we have revoked GitHub tokens and access keys, and ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place," Lamb said in the email the company sent customers.
The company is also asking users to review GitHub and Bitbucket account login logs for any unauthorized access from unknown IP addresses.
While only 190,000 seems a small breach, it is not. A vast majority of Docker Hub users are employees inside large companies, who may be using their accounts to auto-build containers that they then deploy in live production environments.
A user who fails to change his account password and may have their accounts autobuilds modified to include malware.
Docker said it is still investigating the incident and will share details when available. The security incident was not disclosed on the company's website, but only via email. A copy of the full email is available here or in the image below.
source zdnet
Industry: Cyber Security News
Latest Jobs
-
- 6 month contract Operational Cyber Security - SIEM, Vulnerability, Cyber Essentials + London, Inside IR35
- City of London
- Depending on experience
-
6 month contract inside IR35 Operational Cyber Security London c50% of the role is day to day operations / administration / liaising with 3rd party monitoring suppliers. More though investigations, getting ready for cyber essentials plus. Following up on vulnerability management. 20-30% active monitoring of alerts, tooling etc. 10% reporting / light oversight of junior Experience with Microsoft defender / Azure, Splunk, Tenable Experience in maintaining Cyber Essentials Plus is a big bonus. Knowledge across ISO27001, NIST GDPR required. Inside ir35 need someone in their London (city) office 2-3 days a week.
-
- CONTRACT Fluent French AND English Cyber Security Project manager - 12 month
- United Kingdom
- Dependent on experience
-
Fluent French / English Contactor cyber Security Project Manager needed. Experience in migrating technical cyber services from one physical region to another. Experience with Crowdstrike, Tanium, Palo Alto and or Zscaler ideal or comparable solutions. Language fluency in French AND English is essential. 12 month contract. Looking to start June. Day rate dependent on Experience. Apply today for more details
-
- GRC Security Contractor - Achieve SOC2 Type 1 Compliance - 6 month
- London
- Dependent on experience
-
GRC security practitioner needed to ensure a financial service business to achieve SOC 2 type 1. Experience managing the end to end process is key, you will be the key individual to deliver this within a 6 month deadline. Experience of SOC 2 type 1 / type 2. The gathering of evidence, baseline of 27001, ukdpa, GDPR NIST etc. Looking to interview ASAP.
-
- Contact 12 month- Security Operations- Crowdstrike Falcon Insight EDR / Analyst.
- United Kingdom
- Dependent on experience
-
Security Operations engineer / Analyst with Crowdstrike Falcon Insight EDR experience for a 12 month contract. Experienced Contractor with Crowdstrike Falcon Insight: Endpoint detection and Response (EDR) experience needed - 12 month rolling project. Implementation, configuration and Analyst experience needed with Crowdstrike Falcon Insight: (EDR) Migration project- relocating capability internationally. technically implementing, configuration of that that migration and then transition to BAU role monitoring. DCL Search exclusive associate Project.