Docker Hub Hack Affects 190K Accounts | Threatpost

Docker Hub has confirmed that it was hacked last week; with sensitive data from approximately 190,000 accounts potentially exposed.

“On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data,” Kent Lamb, director of Docker Support, said in an email over the weekend, which a Docker user posted on online. “Upon discovery, we acted quickly to intervene and secure the site.”

The container specialist noted that it was a “brief period” of unauthorized access that impacted less than 5 percent of Hub users; however, the data includes usernames and hashed passwords, as well as Github and Bitbucket tokens for Docker autobuilds.


Docker has revoked GitHub tokens and access keys for affected accounts, and the company warned that this may affect ongoing builds from its automated build service; users “may need to unlink and then relink your GitHub and BitBucket source provider,” Lamb warned.

Docker Hub users should change their passwords on Docker Hub and any other accounts that share that password. Users can also view security actions on GitHub and BitBucket accounts to check for unauthorized access.

Docker has been in the security headlines before in the recent past; for instance, in January, researchers hacked the Docker test platform called Play-with-Docker with a proof-of-concept hack, allowing them to access data and manipulate any test Docker containers running on the host system. The team was able to escape the container and run code remotely right on the host.

Also, last year 17 malicious docker images were found available on Docker Hub that allowed hackers to earn $90,000 in cryptojacking profits.

And Docker in 2017 patched a privilege escalation vulnerability that could also have lead to container escapes, allowing a hacker to affect operations of a host from inside a container.

Containers are increasing in popularity among DevOps users in companies of all sizes because they facilitate collaboration, which optimizes their ability to deliver code fast to virtual environments. However, Lacework in an analysis in 2018 noted that securing workloads in public clouds requires a different approach than that used for traditional data centers, where APIs drive the infrastructure and create short-lived workloads. In turn, they’re also becoming more interesting to cybercriminals, Dan Hubbard, chief security architect at Lacework, told Threatpost.

Enterprises also report an accelerating number of container attacks. In fact, 60 percent of respondents in a recent survey acknowledged that their organizations had been hit with at least one container security incident within the past year. In companies with more than 100 containers in place, that percentage rises to 75 percent.