Unauthorized access to Docker Hub database
On Thursday, April 25th, 2019, we discovered unauthorized access to a single Docker Hub database storing a subset of non-financial user data. Upon discovery, we acted quickly to intervene and secure the site. We want to update you on what we’ve learned from our ongoing investigation, including which Hub accounts are impacted, and what actions users should take.
During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as GitHub and Bitbucket tokens for Docker autobuilds. We are asking users to change their password on Docker Hub and any other accounts that shared this password.
We are enhancing our overall security processes and reviewing our policies. Additional monitoring tools are now in place. There was a brief period of unauthorized access to a Docker Hub database.
During this time some sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of users as well as GitHub and Bitbucket tokens for Docker autobuilds. All these tokens have been revoked.
Source: docker.com