A few hours ago, several letters were sent to some DockerHub users:
“On Thursday, April 25, 2019, we discovered unauthorized access to one of the DockerHub databases, which stores part of the non-financial data of users. After detection, we immediately did everything necessary to secure user data.
And now we would like to share the information that we were able to find during the investigation, including which DockerHub accounts were affected and what actions their owners should take now.
Here is what we managed to find out:
Within a short period of unauthorized access to the DockerHub database, confidential data of approximately 190,000 accounts (less than 5% of service users) could be disclosed. The data includes usernames and password hashes of a small percentage of the above users, as well as GitHub and BitBucket tokens used for automatic container assembly.
What should be done now:
- We ask users to change the passwords of DockerHub and any other accounts using the same password.
- For users who used automatic assemblies that could affect this, we reset tokens and access keys. We also ask them to check their repositories for recent suspicious activity.
- To learn how to investigate suspicious activity on your GitHub and BitBucket accounts in the last 24 hours, go to help.github.com/en/articles/reviewing-your-security-log and bitbucket.org/blog/new-audit-logs-give-you-the-who-what-when-and-where
- This may affect your current builds from our auto assembly service. You may also need to disconnect and reconnect your GitHub and BitBucket accounts. This is described in detail here.
We, in turn, will improve our security systems and revise our policies. We also set up additional metrics to track possible illegal activity in the future.
We are still investigating the incident and will inform you when new details become available.”
As usual, we check our own mail and our accounts on the services mentioned, and come up with new passwords. When new information appears, we will update this post.
Did you receive a similar letter?
- 10.7% Yes 87
- 35.3% No 286
- 53.8% I do not have an account on DockerHub 435