Docker Hub security breach exposes credentials of 190,000 users

Docker security breach exposes data of 190,000 users

Some bad news arrived late on Friday in the inboxes of users of Docker, the container platform beloved by developers:

On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data. Upon discovery, we acted quickly to intervene and secure the site.

During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as GitHub and Bitbucket tokens for Docker autobuilds.

Sign up to our free newsletter.
Security news, advice, and tips.

Docker email

Docker says it is continuing to investigate the security breach, but users are being told to change their passwords on Docker Hub. And, of course, that means you should also ensure that you are not using that same password anywhere else on the internet.

In the email, Docker’s director of support advises that it is revoking GitHub tokens and access keys for impacted users with autobuilds, and is asking them to reconnect to their repositories and check security logs to see if any unusual behaviour has been taking place.

Here’s how to review the security logs for your GitHub and BitBucket accounts.

Docker advises that ongoing builds through its automated build service may be affected, and users may need to unlink and relink their Github and BitBucket source code accounts.

Looks like developers are going to have a busy weekend, checking that their code hasn’t been tampered with…

At the time of writing there is no mention of the security breach to be seen on Docker’s official blog or on its Twitter feed, which is pretty bad form if you ask me.

Oh, and by the way, Docker still doesn’t support two-factor authentication.

Update 29 April 2019: Docker has published an FAQ on its website, ironically in an area called the “Success Center”.

Docker Success center

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Docker Hub security breach exposes credentials of 190,000 users”

  1. mark jacobs

    Did they salt their hashed passwords?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.