Docker Hub Unauthorized Access Incident: How to safeguard yourself?

What happened?

On April 25th 2019, Docker discovered unauthorized access to a database holding the credentials of 190,000 Docker Hub accounts, including usernames, hashed passwords, and GitHub and Bitbucket tokens for Docker autobuilds.

Resolution

  • Change your password on Docker Hub and on any other accounts that shared the same password.
  • For users who may have been impacted, the GitHub and Bitbucket autobuild tokens have been revoked. This means your autobuilds will fail: reconnect your repositories and check their security logs to make sure everything is okay.
  • Enable Docker Content Trust so that data you receive from and send to Docker Hub repositories is signed and verified.
    $ export DOCKER_CONTENT_TRUST=1

Alternatively, you can use container registries from Azure, Google, AWS, OCI, and others.
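
The `export` in the Docker Content Trust step above only lasts for the current shell session. The following sketch is an added example, not part of the original post or of Docker's tooling: it checks whether the setting is active now and persisted in the profile files you pass in. The function names are hypothetical, and the exit-status behaviour of `docker trust inspect` is an assumption noted in the comments.

```shell
#!/bin/sh
# Added example (not from the original post): audit Docker Content Trust.
# The profile files to check are supplied by the caller.

# True only when this shell has the value the post sets.
dct_enabled_in_env() {
    [ "${DOCKER_CONTENT_TRUST:-}" = "1" ]
}

# True when any readable file given has an uncommented
# DOCKER_CONTENT_TRUST=1 assignment (with or without "export").
dct_persisted_in() {
    pat="^[[:space:]]*(export[[:space:]]+)?DOCKER_CONTENT_TRUST=[\"']?1[\"']?[[:space:]]*(#.*)?\$"
    for f in "$@"; do
        [ -r "$f" ] || continue
        if grep -Eq "$pat" "$f"; then
            return 0
        fi
    done
    return 1
}

# Needs the docker CLI and registry access. Assumption: a non-zero exit
# from "docker trust inspect" means no usable trust data for the image.
image_has_trust_data() {
    command -v docker >/dev/null 2>&1 || { echo "docker CLI not found" >&2; return 2; }
    docker trust inspect "$1" >/dev/null 2>&1
}

# Prints one line per check; returns 0 only if both checks pass.
dct_audit() {
    rc=0
    if dct_enabled_in_env; then
        echo "current shell: content trust enabled"
    else
        echo "current shell: content trust NOT enabled"; rc=1
    fi
    if dct_persisted_in "$@"; then
        echo "profiles: setting persisted"
    else
        echo "profiles: setting missing, new shells will pull unverified"; rc=1
    fi
    return "$rc"
}

# Usage: dct_audit ~/.profile ~/.bashrc && image_has_trust_data <image>:<tag>
```

Run the audit in CI job environments as well as on workstations, since each gets its own environment.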
