Docker reveals unauthorised access to sensitive database


Containerised software darling Docker has revealed a brief security incident.

The event, which took place last Friday Australian time, saw “a brief period of unauthorised access” to the Docker Hub repository of container images.

Docker has warned that “some sensitive data from approximately 190,000 accounts may have been exposed” with “usernames and hashed passwords for a small percentage of users as well as GitHub and Bitbucket tokens for Docker autobuilds” exposed.

The company has revoked all access tokens for the relevant accounts and required a password reset for all potentially-affected users.

As Docker Hub links to GitHub, tokens for the latter service were also revoked without users being told in advance even though that broke autobuilds. Docker almost-apologised for doing so, saying it was necessary to preserve security.

Docker has not, however, explained the source of the incident. CRN’s best guess is that someone got their hands on credentials to a privileged account. Which probably means someone fell for a phish. Sigh.

Copyright © CRN Australia. All rights reserved.