Docker reveals unauthorised access to sensitive database


Containerised software darling Docker has revealed a brief security incident.

The event, which took place last Friday Australian time, saw “a brief period of unauthorised access” to the Docker Hub repository of container images.

Docker has warned that “some sensitive data from approximately 190,000 accounts may have been exposed” with “usernames and hashed passwords for a small percentage of users as well as GitHub and Bitbucket tokens for Docker autobuilds” exposed.

The company has revoked all access tokens for the relevant accounts and required a password reset for all potentially-affected users.

As Docker Hub links to GitHub, tokens for the latter service were also revoked without users being told in advance even though that broke autobuilds. Docker almost-apologised for doing so, saying it was necessary to preserve security.

Docker has not, however, explained the source of the incident. CRN’s best guess is that someone got their hands on credentials to a privileged account. Which probably means someone fell for a phish. Sigh.

Copyright © CRN Australia. All rights reserved.