Manage cookies

We use cookies to improve our services. Read more about how we use cookies and how you can refuse them.

The necessary cookies help to make the website work properly.

Anonymous statistical cookies help to understand how visitors use the website.

  • Analytics, Hacking
    1 min | 1779

    #Docker: Docker hub has been hacked

    Analytics, Hacking | 1 min | 1779


    Attention Docker Hub users - Docker Hub has been hacked!

    An email containing the following highlight was sent to the users whose account data may have been exposed.

    During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds (full email).

    If you got this email you should (and if you didn't receive that email, do it too ;)):

    1. Change your password on https://hub.docker.com

    2. Check https://github.com/settings/security and remove the Docker hub tokens

    3. Check Bitbucket and remove the Docker hub tokens (https://bitbucket.org/blog/new-audit-logs-give-you-the-who-what-when-and-where)

    4. Reconnect oAuth for automated builds (https://docs.docker.com/docker-hub/builds/link-source/)

    5. Rollover effected passwords and API keys stored in private repos / containers

    Having Github or Bitbucket tokens enables hackers to delete or change all (depending on the given rights) your repositories (including your private repositories). Stay secure! it only takes me 5 minutes to reset everything.


    Comments

    Empty