DockerHub hacked



    A few hours ago, several letters were sent to some DockerHub users:

    “On Thursday, April 25, 2019, we discovered unauthorized access to one of the DockerHub databases, which stores part of the non-financial data of users. After detection, we immediately took everything necessary to secure user data.

    And now we would like to share the information that we were able to find during the investigation, including which DockerHub accounts were affected and what actions their owners should take now.

    Here is what we managed to find out:

    Within a short period of unauthorized access to the DockerHub database, confidential data of approximately 190,000 accounts (less than 5% of service users) could be disclosed. The data includes usernames and password hashes of a small percentage of the above users, as well as GitHub and BitBucket tokens used for automatic container assembly.

    What should be done now:


    We, in turn, will improve our security systems and revise our policies. We also set up additional metrics to track possible illegal activity in the future.

    We are still investigating the incident and will inform you when new details become available. ”

    As usual, we check our own mail, our accounts in the specified services, we come up with passwords again. When new information appears, we will update this post.

    Only registered users can participate in the survey. Please come in.

    Did you receive a similar letter?

    • 10.7% Yes 87
    • 35.3% No 286
    • 53.8% I do not have an account on DockerHub 435

    Also popular now: