Docker Hub reported that a single database was accessed by an unauthorized user on April 25, exposing 190,000 accounts.
The company did not indicate how the database was accessed, but it is asking users to reset their Docker Hub passwords. Exposed information included usernames and hashed passwords for a small percentage of users, as well as GitHub and Bitbucket tokens for Docker autobuilds. The company has revoked all of these tokens, and in cases where the password hash was potentially exposed it is forcing a password reset.
“No Official Images have been compromised. We have additional security measures in place for our Official Images including GPG signatures on git commits as well as Notary signing to ensure the integrity of each image,” Docker said in a statement.
The 190,000 impacted accounts represent about five percent of the Docker Hub user base.
“Because Docker didn’t provide a specific timeline for this breach, no one knows how long ago the unauthorized access occurred. As with most breaches, the perpetrators may have had access to compromised resources significantly longer than just last week. To be safe, you should verify recently pushed images going back over the past several weeks. Doing this audit can be difficult as not every registry will let you filter the data by image age,” said Wei Lien Dang, Vice President of Product at StackRox.
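As an added illustration of the audit Dang recommends (this is example code written for this page, not Docker's, StackRox's or the article's own tooling), the script below lists every tag of a Docker Hub repository pushed within a chosen window, with the image digests to compare against your own build records. It assumes the public Docker Hub v2 tags endpoint and its JSON shape (`results`, `name`, `last_updated`, `images[].digest`, `next`) as noted in the comments; the sample data is constructed so the filtering logic runs offline.

```python
"""List tags of a Docker Hub repository pushed inside a time window.

Assumption (not from the article): Docker Hub's public v2 API at
https://hub.docker.com/v2/repositories/<namespace>/<repo>/tags returns JSON
with a "results" list of entries carrying "name", "last_updated" (ISO 8601 UTC)
and "images" (each with a "digest"), plus a "next" URL for pagination.
"""
import json
import urllib.request
from datetime import datetime, timedelta, timezone

HUB_TAGS_URL = "https://hub.docker.com/v2/repositories/{repo}/tags?page_size=100"


def parse_hub_time(value):
    """Hub timestamps end in 'Z'; turn them into timezone-aware UTC datetimes."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def tags_pushed_since(results, since):
    """Return (tag, last_updated, digests) for tags updated at or after `since`, newest first."""
    hits = []
    for entry in results:
        updated = parse_hub_time(entry["last_updated"])
        if updated >= since:
            digests = sorted(img.get("digest", "") for img in entry.get("images", []))
            hits.append((entry["name"], updated, digests))
    return sorted(hits, key=lambda hit: hit[1], reverse=True)


def fetch_all_tags(repo):
    """Walk every page of the tag list for e.g. 'library/nginx' (needs network access)."""
    url, results = HUB_TAGS_URL.format(repo=repo), []
    while url:
        with urllib.request.urlopen(url, timeout=30) as resp:
            page = json.load(resp)
        results.extend(page.get("results", []))
        url = page.get("next")
    return results


# Constructed sample in the shape of a Hub tags response, so the audit runs offline.
SAMPLE_RESULTS = [
    {"name": "latest", "last_updated": "2019-04-26T09:12:00.000000Z",
     "images": [{"digest": "sha256:aaaa"}]},
    {"name": "1.0", "last_updated": "2019-02-10T17:00:00.000000Z",
     "images": [{"digest": "sha256:bbbb"}]},
    {"name": "nightly", "last_updated": "2019-04-20T03:30:00.000000Z",
     "images": [{"digest": "sha256:cccc"}, {"digest": "sha256:dddd"}]},
]

if __name__ == "__main__":
    # Review everything pushed in the six weeks before the April 26 disclosure.
    window_start = datetime(2019, 4, 26, tzinfo=timezone.utc) - timedelta(weeks=6)
    for name, updated, digests in tags_pushed_since(SAMPLE_RESULTS, window_start):
        print(f"{name:10} {updated.isoformat()}  {' '.join(digests)}")
```

Replace `SAMPLE_RESULTS` with `fetch_all_tags("namespace/repo")` to audit a live repository; any tag whose digest does not match a build you made yourself deserves a closer look.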