Edit: Also on the website now - [https://success.docker.com/article/docker-hub-user-notification](https://success.docker.com/article/docker-hub-user-notification)
Here's the email I received:
>On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data. Upon discovery, we acted quickly to intervene and secure the site.
>We want to update you on what we've learned from our ongoing investigation, including which Hub accounts are impacted, and what actions users should take.
>**Here is what we’ve learned:**
>During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.
>**Actions to Take:**
>* We are asking users to change their password on Docker Hub and any other accounts that shared this password.
>* For users with autobuilds that may have been impacted, we have revoked GitHub tokens and access keys, and ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place.
> * You may view security actions on your GitHub or BitBucket accounts to see if any unexpected access has occurred over the past 24 hours -see [https://help.github.com/en/articles/reviewing-your-security-log](http://email.docker.com/Y0TPb0SIa00pv003KJF0kLX) and [https://bitbucket.org/blog/new-audit-logs-give-you-the-who-what-when-and-where](http://email.docker.com/I0X0lFv0KPaTIT3p0b0JL00)
> * This may affect your ongoing builds from our Automated build service. You may need to unlink and then relink your Github and Bitbucket source provider as described in [https://docs.docker.com/docker-hub/builds/link-source/](http://email.docker.com/SJ0L3T0vK0P0IFa0X00bpUm)
>We are enhancing our overall security processes and reviewing our policies. Additional monitoring tools are now in place.
>Our investigation is still ongoing, and we will share more information as it becomes available.
9 thoughts on “Docker Hub user data breach of 190,000 accounts”
Just got this as well… They know the number of compromised user accounts so why can’t they just tell the affected users directly that their account was compromised without all this hedging and waffling?? Still a good idea for everyone to change their password in any case…
Edit: to be clear, I’m not saying that they should _only_ tell the affected users. I’m saying that in addition to public disclosure they should tell affected users explicitly that their account was compromised.
Oh wow. I want to send to my organization. I can’t see this in the news. Any links?
Gotta be breaking. I didn’t get an email, but it may be on the way. Either that or they’re only sending it tho those affected (they should be sending to everyone).
This is bad. Really bad. I didn’t pull any images in the past day so I hope I’m alright. This is the problem with central repos tho. Should make everyone consider self hosting their images.
Oh perfect this sprint my boss told me to sign up with docker to create a proof of concept for our dev environments 😀 yayyy
Not surprised… Dockers account management and security has never been great. They don’t even offer 2FA.
Just in time for DockerCon!
It’s now posted on the website [here](https://success.docker.com/article/docker-hub-user-notification).
Should be noted that if you used the automated build service; when you linked your source repo you gave them read and write access, so make sure to thoroughly audit your account activity, keys, etc.
I’m a bot, *bleep*, *bloop*. Someone has linked to this thread from another place on reddit:
– [/r/netsec] [Docker Hub user data breach of 190,000 accounts](https://www.reddit.com/r/netsec/comments/bhy22v/docker_hub_user_data_breach_of_190000_accounts/)
*^(If you follow any of the above links, please respect the rules of reddit and don’t vote in the other threads.) ^\([Info](/r/TotesMessenger) ^/ ^[Contact](/message/compose?to=/r/TotesMessenger))*
“Force anyone to register just to download docker desktop, what could go wrong”
fuck i registered just a few days before the breach