A Docker Hub database has been hacked, exposing data relating to about 190,000 users.

The unauthorized access was detected on April 25, and Docker moving quickly to intervene and secure the database.

Docker Hub is a library and community for container images, hosting over 100,000 container images from software vendors, open-source projects and the broader Docker community. The single database accessed is described as storing nonfinancial data but it included usernames and hashed passwords as well as GitHub and BitBucket tokens for Docker autobuilds.

The theft of usernames is never positive, but the biggest risk comes from the token theft. The GitHub and BitBucket access tokens allow developers to modify a project’s code and have it automatically build on Docker Hub.

Should the person or group behind the hack have gained access to these tokens, it would potentially allow them to modify code and images on Docker Hub, opening up a can of worms when it comes to the security of code on the service.

Docker said in a user notification that it has revoked tokens and access keys, stopping further unauthorized access. But the risk remains since there is a gap between when the hack took place and when Docker acted. “We ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place,” Docker wrote.

On the Docker breach: Even if your company doesn't rely on Docker Hub for production, if a developer in your org enabled auto builds and linked to GitHub via oauth for a personal project, when that oauth token is compromised, _all_ repos on GH they had access to are vulnerable.

— Kenn White (@kennwhite) April 27, 2019

As ZDNet pointed outs, “while only 190,000 seems a small breach, it is not. A vast majority of Docker Hub users are employees inside large companies, who may be using their accounts to auto-build containers that they then deploy in live production environments.”

Docker noted that it had contacted all affected users and that they continue to investigate how the hack took place. “We are enhancing our overall security processes and reviewing our policies. Additional monitoring tools are now in place,” the company said.

Users are also advised to change their password on Docker Hub and on any accounts that shared the same password as a precaution.

Photo: Buonasera/Wikimedia Commons