Docker reveals unauthorised access to sensitive database

Containerised software darling Docker has revealed a brief security incident.

The event, which took place last Friday Australian time, saw “a brief period of unauthorised access” to the Docker Hub repository of container images.

Docker has warned that “some sensitive data from approximately 190,000 accounts may have been exposed” with “usernames and hashed passwords for a small percentage of users as well as GitHub and Bitbucket tokens for Docker autobuilds” exposed.

The company has revoked all access tokens to the relevant accounts and required a password reset for all potentially-affected users.

As Docker Hub links to GitHub, tokens for the latter service were also revoked without users being told in advance even though that broke autobuilds. Docker almost-apologised for doing so, saying it was necessary to preserve security.

Docker has not, however, explained the source of the incident. CRN’s best guess is that someone got their hands on credentials to a privileged account. Which probably means someone fell for a phish. Sigh.

Copyright © CRN Australia. All rights reserved.