Docker, a company that created an open platform for building and running distributed applications, reported to users that its Docker Hub database had been breached, exposing sensitive data from approximately 190,000 accounts. While that figure makes up less than five percent of Hub users, the data included some usernames and hashed passwords as well as Github and Bitbucket tokens for Docker autobuild. The company reported that the tokens have been revoked, and said it “acted quickly to intervene and secure the site.”
Experts who spoke with Motherboard indicated that the worst-case scenario is that hackers gain access to proprietary source code of some of those accounts. For context, companies on Docker’s roster include the likes of Paypal and Visa. Microsoft quickly reported that its official files hosted in Docker Hub were not compromised.
According to Veracode CTO Chris Wysopal, it is not yet known what the underlying vulnerability was at Docker Hub, but it is a serious breach as attackers could use the access tokens to get at a company’s source code. It is unclear if the attackers would have write privileges, which would enable backdooring into the code. Wysopal said each customer that was notified should be resetting access tokens and looking at logs for access. With revision control, this is all heavily audited.
Since Docker notified customers quickly, hopefully the impact is limited. The company emailed those impacted by the breach directly with a password reset link. Customers using autobuilds should check to ensure that their GitHub or Bitbucket repositories are still linked to the Docker Hub to ensure autobuilds work correctly moving forward.
Thousands of companies and millions of developers around the world use Docker to run containers, which are software packages that include code, runtime, settings, system libraries, and system tools. By isolating software from its surroundings, software containers enable code to always run the same regardless of the environment it is operating within. Although the company is still investigating the breach, if hackers have access to the private code in the repositories, they may be able to inject malicious code into software autobuilt by Docker.
