Docker, the company behind the popular containerization platform, has admitted to a breach of its Hub database of container images, exposing the details of roughly 190,000 users.

Docker Hub is the default cloud-based repository from which Docker installations pull images, and it is used by scores of developers and companies worldwide.

Docker first detected the intrusion on 25 April and then disclosed the details in an email to Docker Hub customers and users.

In the message, the company said the attackers could have stolen usernames and hashed passwords for about 190,000 users, almost five per cent of Docker Hub's total user base. Bitbucket and GitHub access tokens used for Docker autobuilds were also exposed during the incident.

Developers use these tokens so that, when they change their project's code, the image is automatically rebuilt on Docker Hub. An intruder holding such a token could read a private repository's code and, depending on the permissions the token grants, modify it.

Since Hub images are often used in server deployments, altering the code and publishing compromised images could lead on to deeper supply-chain attacks.
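One consumer-side control against a tampered image being swapped in under a familiar tag is to pin image references to their content digest rather than to a mutable tag. The following is an added example, not Docker's code or part of the original article: it scans Dockerfile `FROM` lines and compose-style `image:` lines (the only two input forms it assumes), skips references to build stages declared earlier in the same Dockerfile, and reports which references are pinned by `@sha256:` digest, which rely on a mutable tag, and which it cannot parse. The sample inputs and the digests in them are constructed for the example.

```python
"""Flag container image references that are not pinned to a content digest.

Added example, not Docker's code. Assumed inputs: Dockerfile 'FROM' lines and
compose-style 'image:' lines. Sample inputs below are constructed.
"""
import re
from typing import Dict, List, Optional

# image reference: optional registry[:port]/ prefix, name, optional :tag, optional @sha256:digest
IMAGE_RE = re.compile(
    r"^(?P<name>(?:[a-z0-9.-]+(?::[0-9]+)?/)?[a-z0-9][a-z0-9._/-]*?)"
    r"(?::(?P<tag>[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)
FROM_RE = re.compile(r"^FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.IGNORECASE)
COMPOSE_IMAGE_RE = re.compile(r"^image:\s*[\"']?([^\"'\s]+)[\"']?\s*$")


def parse_image_ref(ref: str) -> Optional[Dict[str, Optional[str]]]:
    """Split a reference into name/tag/digest; None if it is not a plain reference."""
    m = IMAGE_RE.match(ref.strip())
    return m.groupdict() if m else None


def extract_image_refs(text: str) -> List[str]:
    """Collect image references, ignoring FROM lines that name an earlier build stage."""
    refs: List[str] = []
    stages = set()
    for line in text.splitlines():
        s = line.strip()
        m = FROM_RE.match(s)
        if m:
            ref, stage = m.group(1), m.group(2)
            if ref.lower() not in stages:  # 'FROM builder' is a stage, not a registry pull
                refs.append(ref)
            if stage:
                stages.add(stage.lower())
            continue
        m = COMPOSE_IMAGE_RE.match(s)
        if m:
            refs.append(m.group(1))
    return refs


def audit_image_refs(text: str) -> List[Dict[str, str]]:
    """Classify every reference as pinned (by digest), mutable (tag only) or unparseable."""
    findings: List[Dict[str, str]] = []
    for ref in extract_image_refs(text):
        parsed = parse_image_ref(ref)
        if parsed is None:
            findings.append({"ref": ref, "status": "unparseable"})  # e.g. ${IMAGE} variables
        elif parsed["digest"]:
            findings.append({"ref": ref, "status": "pinned"})
        else:
            # No tag at all means Docker resolves ':latest', the most mutable tag of all.
            findings.append({"ref": ref, "status": "mutable", "tag": parsed["tag"] or "latest"})
    return findings


# Constructed sample inputs (the digests are placeholders, not real image digests).
SAMPLE_DOCKERFILE = """\
FROM golang:1.21 AS builder
FROM docker.io/library/alpine@sha256:0000000000000000000000000000000000000000000000000000000000000000
FROM builder
FROM ubuntu
"""
SAMPLE_COMPOSE = """\
services:
  web:
    image: "nginx:latest"
  db:
    image: postgres@sha256:1111111111111111111111111111111111111111111111111111111111111111
"""

if __name__ == "__main__":
    for finding in audit_image_refs(SAMPLE_DOCKERFILE) + audit_image_refs(SAMPLE_COMPOSE):
        print(finding)
```

Digest pinning complements, rather than replaces, publisher-side signing such as the Notary-based content trust Docker applies to Official Images: the digest guarantees you get the exact bytes you reviewed, while a signature tells you who published them. A reference that the script reports as unparseable (a compose variable, for instance) deserves a manual look, since whatever it resolves to at deploy time is not being checked here.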

Docker told users it has revoked all access tokens on accounts whose data may have been exposed in the attack. It also asked users to change their Docker Hub password immediately, along with the password on any other account that shared it.

The company advised users to reconnect their repositories and to check security logs for any unexpected activity carried out from their accounts.
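Checking a security log after a token exposure comes down to two questions: did anything happen inside the exposure window from a source you do not recognise, and was it the kind of action a repository or automation token would allow? The following is an added example, not Docker's, GitHub's or Bitbucket's code, and the JSON-lines log shape it reads (`ts`, `actor`, `action`, `ip`) is a constructed simplification; real audit logs use their own field names and the list of high-risk actions would be adapted to the provider. The sample log lines, the window and the known-office network are all constructed. Docker reported detecting the intrusion on 25 April; because the start of the exposure is not known, the example deliberately uses a generous window.

```python
"""Triage security-log entries for unexpected activity after a token exposure.

Added example, not any provider's code. The log format is a constructed,
simplified JSON-lines shape; field names on real audit logs differ.
"""
import ipaddress
import json
from datetime import datetime, timezone
from typing import Dict, Iterable, List, Optional, Tuple

# Actions that a leaked repository/automation token could plausibly perform (constructed list).
HIGH_RISK_ACTIONS = {"repo.push", "repo.add_collaborator", "hook.create", "token.create", "autobuild.update"}


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp; the trailing 'Z' form is rewritten for older fromisoformat()."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_event(line: str) -> Optional[Dict]:
    """Return a normalised event, or None for malformed lines (which the caller counts, not drops silently)."""
    try:
        ev = json.loads(line)
        return {
            "ts": parse_ts(ev["ts"]),
            "actor": ev["actor"],
            "action": ev["action"],
            "ip": ipaddress.ip_address(ev["ip"]),
        }
    except (ValueError, KeyError, TypeError):
        return None


def is_known_source(ip, known_networks) -> bool:
    return any(ip in net for net in known_networks)


def triage(lines: Iterable[str], known_cidrs: List[str],
           window_start: str, window_end: str) -> Tuple[List[Dict], int]:
    """Flag in-window events from unknown source addresses; report how many lines were unreadable."""
    known = [ipaddress.ip_network(c) for c in known_cidrs]
    start, end = parse_ts(window_start), parse_ts(window_end)
    flagged: List[Dict] = []
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev is None:
            skipped += 1
            continue
        if not (start <= ev["ts"] <= end):
            continue
        reasons = []
        if not is_known_source(ev["ip"], known):
            reasons.append("unknown_source_ip")
        if ev["action"] in HIGH_RISK_ACTIONS:
            reasons.append("high_risk_action")
        # An unknown source is what gets an event reported; a high-risk action adds to its severity.
        if "unknown_source_ip" in reasons:
            flagged.append({
                "ts": ev["ts"].isoformat(),
                "actor": ev["actor"],
                "action": ev["action"],
                "ip": str(ev["ip"]),
                "reasons": reasons,
            })
    return flagged, skipped


# Constructed sample log (documentation address ranges; nothing here is a real account or host).
SAMPLE_LOG = """\
{"ts":"2019-04-20T09:12:00Z","actor":"alice","action":"repo.push","ip":"203.0.113.10"}
{"ts":"2019-04-24T03:41:00Z","actor":"alice","action":"hook.create","ip":"198.51.100.77"}
{"ts":"2019-04-24T03:42:00Z","actor":"alice","action":"repo.push","ip":"198.51.100.77"}
{"ts":"2019-04-26T10:00:00Z","actor":"alice","action":"repo.read","ip":"203.0.113.10"}
not json at all
"""
KNOWN_OFFICE_CIDRS = ["203.0.113.0/24"]  # constructed
WINDOW = ("2019-04-01T00:00:00Z", "2019-04-26T00:00:00Z")  # constructed, deliberately generous

if __name__ == "__main__":
    events, unreadable = triage(SAMPLE_LOG.splitlines(), KNOWN_OFFICE_CIDRS, *WINDOW)
    for e in events:
        print(e)
    print(f"{unreadable} unreadable line(s)")
```

A flagged push or webhook creation from an address nobody in the team recognises is the signal to treat the repository as tampered with until its history and hooks have been reviewed, and the unreadable-line count stops a parsing failure from quietly hiding the one entry that mattered.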

No Official Images were compromised during the attack, according to Docker.

“We have additional security measures in place for our Official Images including GPG signatures on git commits as well as Notary signing to ensure the integrity of each image,” it revealed.

Docker has not yet provided any information about the attackers, but it appears that someone may have stolen the credentials of a privileged account and used them to gain access to the Hub database.

The company said it is investigating the attack and will share more details about the incident when they become available.
