DockerHub hacked

A few hours ago, some users of DockerHub were sent emails with the following content:

“On Thursday, April 25, 2019, we discovered unauthorized access to one of the DockerHub databases, which stores some of the non-financial user data. Upon discovery, we immediately took all necessary steps to secure user data.

And now we would like to share the information that we were able to find during the investigation, including which DockerHub accounts were affected and what actions their owners should take now.

Here's what we managed to find out:

During a short period of unauthorized access to the DockerHub database, confidential data of approximately 190 accounts (less than 000% of service users) could be exposed. The data includes the usernames and password hashes of a small percentage of the above users, as well as the GitHub and BitBucket tokens used for automated container builds.

What should be done now:

- We ask users to change the passwords of DockerHub and any other accounts using the same password.

- For users of automated builds who may have been affected by this, tokens and access keys have been reset. We also ask them to check their repositories for any recent suspicious activity.

- To find out how to investigate suspicious activity on your GitHub and BitBucket accounts in the last 24 hours, follow the links help.github.com/en/articles/reviewing-your-security-log and bitbucket.org/blog/new-audit-logs-give-you-the-who-what-when-and-where

- This may affect your current builds from our auto build service. You may also need to unlink and relink your GitHub and BitBucket accounts. This is described in detail here: docs.docker.com/docker-hub/builds/link-source

We, in turn, will improve our security systems and review our policies. We have also set up additional metrics to track possible future illegal activity.

We are still investigating the incident and will update you as more details become available.”

As usual, we check our own mail, our accounts in the indicated services, and re-create passwords. We will update this post as new information becomes available.

Source: habr.com
