Docker Hub suffered a data breach compromising data of 190,000 users

• An unauthorized party gained access to Docker Hub database which led to the compromise of users’ sensitive data.
• The compromised data includes users’ Docker Hub user names, hashed passwords, and Github and Bitbucket tokens used for auto-building Docker container images.

What is the issue - Docker Hub, the official repository for Docker container image, suffered a data breach compromising sensitive data of almost 190,000 users.

What happened - An unauthorized party gained access to Docker Hub database which led to the compromise of users’ sensitive data.

What data was compromised - The compromised data includes Docker Hub user names, hashed passwords, and Github and Bitbucket tokens used for auto-building Docker container images.

The big picture

On April 25th, 2019, Docker Hub learned that an unauthorized party gained access to a single Docker Hub database which contains a subset of non-financial user data.

• Docker Hub conducted an investigation on the incident and learned that almost 190,000 users have been impacted by the data breach.
• Upon learning the incident, Docker Hub notified its users about the incident via emails and requested a password reset.
• The company has revoked GitHub tokens and access keys, however, it has asked its users to review GitHub and Bitbucket account login logs for any unauthorized access.

“For users with autobuilds that may have been impacted, we have revoked GitHub tokens and access keys, and ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place,” Kent Lamb, Director of Docker Support said in the email notification.

Lamb further said that this incident might impact users’ ongoing builds from Docker Hub’s Automated build service, therefore, users must unlink and relink their Github and Bitbucket source provider.