- data leakdatabasedockerdocker hubgithubhackedhackingsecurity
Attention Docker Hub users - Docker Hub has been hacked!
An email containing the following highlight was sent to the users whose account data may have been exposed.
During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds (full email).
If you got this email you should (and if you didn't receive that email, do it too ;)):
Change your password on https://hub.docker.com
Check https://github.com/settings/security and remove the Docker hub tokens
Check Bitbucket and remove the Docker hub tokens (https://bitbucket.org/blog/new-audit-logs-give-you-the-who-what-when-and-where)
Reconnect oAuth for automated builds (https://docs.docker.com/docker-hub/builds/link-source/)
Rollover effected passwords and API keys stored in private repos / containers
Having Github or Bitbucket tokens enables hackers to delete or change all (depending on the given rights) your repositories (including your private repositories). Stay secure! it only takes me 5 minutes to reset everything.