Docker Hub Unauthorized Access Incident: How to safeguard yourself?

What happened?

On April 25th, 2019, Docker discovered unauthorized access to a database holding the credentials of 190,000 Docker Hub accounts, including usernames, hashed passwords, and the GitHub and Bitbucket tokens used for Docker autobuilds.

Resolution

  • Change your password on Docker Hub and on any other accounts that shared the same password.
  • For users who may have been impacted, GitHub and Bitbucket autobuild tokens have been revoked. This means your autobuilds will fail; reconnect your repositories and check the security logs to make sure everything is okay.
  • Enable Docker Content Trust when receiving data from and sending data to Docker Hub repositories:
    $ export DOCKER_CONTENT_TRUST=1

Alternatively, you can use repositories from Azure, Google, AWS, OCI, and others.
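
The `export` in the content trust step only affects the current shell, and a build script can still switch verification back off. The following check is an added example, not part of the original post: it tests the current environment and scans a script for lines that undo the setting. The function names, the sample script and the `example/...` image names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shell session and a build script for Docker Content Trust.

# Succeeds only when content trust is on in this environment (the page's value, 1).
dct_enabled() {
    [ "${DOCKER_CONTENT_TRUST:-}" = "1" ]
}

# Prints "lineno:text" for each non-comment line in script $1 that turns
# content trust back off; returns 1 if any such line exists, else 0.
dct_overrides() {
    hits=$(grep -nE -e 'DOCKER_CONTENT_TRUST=(0|false)' \
                    -e 'unset[[:space:]]+DOCKER_CONTENT_TRUST' \
                    -e '--disable-content-trust' "$1" |
           grep -vE -e '^[0-9]+:[[:space:]]*#' \
                    -e '--disable-content-trust=false' || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Writes a constructed build script (not from the page) to path $1.
dct_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
export DOCKER_CONTENT_TRUST=1
docker pull alpine:3.9
# docker pull --disable-content-trust example/old:1
docker pull --disable-content-trust example/unsigned:latest
DOCKER_CONTENT_TRUST=0 docker push example/app:1.0
EOF
}

# Demo on the constructed script: lines 5 and 6 are reported.
sample=$(mktemp)
dct_sample "$sample"
dct_enabled && echo "content trust: on" || echo "content trust: off in this shell"
dct_overrides "$sample" || echo "build script overrides content trust"
rm -f "$sample"
```

To keep the setting across sessions, put the `export` line in the shell profile or the CI job's environment rather than typing it once.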
