
A few hours ago, some DockerHub users were sent letters that read:
“On Thursday, April 25, 2019, we discovered unauthorized access to one of the DockerHub databases, which stores part of the non-financial data of users. After the discovery, we immediately took all necessary measures in order to secure user data.
And now we would like to share the information that we were able to detect during the investigation, including which DockerHub accounts were affected and what actions their owners should take now.
Here is what we found out:
During a brief period of unauthorized access to the DockerHub database, confidential data of approximately 190,000 accounts (less than 5% of service users) may have been exposed. The data includes usernames and password hashes for a small percentage of these users, as well as GitHub and Bitbucket tokens used for automated builds.
What should be done now:
- We ask users to change DockerHub passwords and any other accounts using the same password.
- For users whose automated builds may have been affected, we have revoked tokens and access keys. We ask them to also check their repositories for recent suspicious activity.
- To learn how to investigate suspicious activity on your GitHub and Bitbucket accounts over the last 24 hours, see help.github.com/en/articles/reviewing-your-security-log and bitbucket.org/blog/new-audit-logs-give-you-the-who-when-and-where
- This may affect your current builds in our automated build service. You may also need to disconnect and reconnect your GitHub and Bitbucket accounts. This is described in detail here.
We, in turn, will improve our security systems and review our policies. We also set up additional metrics to track possible illegal activity in the future.
We are still investigating the incident and will inform you when new details become available.”
As usual, we are checking our own mail and our accounts in the services mentioned, and changing passwords. We will update this post as new information appears.