Hackere fik adgang til 190 tusindvis af Docker Hub-konti

Ukendte ubudne gæster fik adgang til data af verdens største bibliotek af billeder til containere, der forårsagede utætte af mere end 190 tusindvis brugernes legitimationsoplysninger.

Docker Hub developers detected that third persons got unauthorized access to one of project databases that stored non-financial users’ details.

“På torsdag, 25 april, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data,” sagde Kent Lamb, Director of Docker Support.

As emphasized, intruders stayed in system for a relatively short time, imidlertid, according to preliminary research, that was enough to compromise 190 000 konti that consists nearly 5% of all Docker Hub users’ base.

In the attack were compromised users’ names, passwords’ hashes, and tokens for GitHub and Bitbucket repositories that were used for Docker automatized assemblies.

Mentioned above tokens that are stored in Docker Hub, allow developers to modify codes of their projects and automatically create images on Docker Hub. If intruder will get tokens, it will open him access to private repositories and change it depending on allocated by token permissions. Compromising image and modifying code, hacker will seriously damage supply chain, as Docker Hub images are often used in servers’ and applications configurations.

Docker Hub team notified users and reset passwords of compromised accounts.

For users with autobuilds that may have been impacted, we have revoked GitHub tokens and access keys, and ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place,” Lamb said in the email the company sent customers.

Docker’s team have already withdrawn all compromised tokens and access keys, imidlertid, all developers that use automatized Docker Hub constructors, are highly recommended to check all projects for unsanctioned access.

Mail from Docker Hub
Experts are sharing on the Internet a letter from Docker Hub

Though hacker’s access to 5% of users’ accounts does not seem to be a critical issue, the spectrum of ramifications may be broad. As majority of Docker Hub users are employees of big companies, they could use their accounts for creation of containers that are later applied in real enterprise environments. After attack, hackers may introduce malware code in IT-systems of large companies worldwide.

Investigation of incident and assessment of possible damage continues.

Kilde: https://www.zdnet.com

Om Trojan Killer

Carry Trojan Killer Portable på din memory stick. Vær sikker på, at du er i stand til at hjælpe din pc modstå eventuelle cyber trusler, hvor du går.

Tjek også

MageCart på Heroku Cloud Platform

Forskere har fundet flere MageCart Web Forplove On Heroku Cloud Platform

Forskere ved Malwarebytes rapporteret om at finde flere MageCart web skummere på Heroku cloud-platform …

Android Spyware CallerSpy

CallerSpy spyware masker som en Android chat applikation

Trend Micro eksperter opdagede malware CallerSpy, hvilke masker som en Android chat program og, …

Skriv et svar