Docker Hub Repository Suffers Data Breach, 190,000 Users Potentially Affected

In an email sent to their customers on April 26, Docker reported that the online repository of their popular container platform suffered a data breach that affected 190,000 users.

According to Docker, the attack occurred on April 25, when the hacker managed to gain unrestricted access to the Docker Hub database for a brief period of time.  The company mentioned that the stolen information was comprised of non-financial data that included usernames, hashed passwords, as well as GtHub and Bitbucket tokens (which have already been revoked). The attack did not affect Docker’s Official Images, owing perhaps to the additional security built into the Official Images.

The number of users who were victimized by the attack represents approximately 5% of Docker’s userbase. However, many of Docker’s users are employees of companies that often have access to production pipelines and container environments, thus the reach and impact of the breach might extend beyond what the numbers indicate, as authentication measures could also be potentially bypassed via the stolen information. Furthermore, the hack could have resulted in proprietary code being stolen from online repositories.

Users who were potentially affected by the breach received a notification email from Docker and had their passwords invalidated, after which they were sent a password reset link. In addition, customers using autobuilds had GitHub and Bitbucket repositories unlinked for security purposes, and will need to relink their repositories. Docker recommended that their users reset their Docker Hub passwords as well as other accounts that use the same password.

Container security remains a priority

As container technology grows more popular, especially among organizations who adopt the DevOps method of focusing on speedy development and deployment, security remains both a challenge and a priority. In this instance, the hack was reported by the vendor. However, data breaches can also be a consequence of improper container configuration and inadequate security implementation on the user’s end. Incidents such as this and 2018’s Docker API attack, proves that container threats are a growing problem for both vendors and customers.

To help organizations handle the security securements needed to build their applications securely, ship them fast, and have them run anywhere, users can consider implementing solutions that allow them to shift security earlier in the development pipeline.  This includes the Trend Micro Hybrid Cloud Security solution, which provides powerful, streamlined, and automated security within the organization’s DevOps pipeline and delivers multiple XGen™ threat defense techniques for protecting runtime physical, virtual, and cloud workloads. It also adds protection for containers via Deep Security and Deep Security Smart Check, which scans Docker container images for malware and vulnerabilities at any interval in the development pipeline to prevent threats before they are deployed.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Veröffentlicht in Cybercrime & Digital Threats, DevOps