Security Newsletter
6 May 2019
Docker breach of 190,000 users exposes lack of two-factor authentication
Docker Hub, one of the largest cloud-based library of Docker container images, has suffered a data breach after an unknown attacker gained access to the company's single Hub database. Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker container images, both publicly and privately.
According to an advisory on the company’s website, the incident happened on 25 April when for a “brief period” attackers accessed a single Docker Hub repository used to store the accounts. Exposed data included usernames, an unknown number of hashed passwords and, inconveniently, API tokens used by developers with GitHub and Bitbucket (which, when embedded in scripts, perform the same function as passwords for Docker autobuilds).
Data breaches are always bad news but the possible compromise of 190,000 accounts (about 5% of the service’s user base) on a development system used by businesses heaps additional worries on top of the usual workload. And that's what makes the Docker Hub breach potentially so much more worrying: If tokens have been compromised, it gives attackers many more places to slip in malicious code.
Read More on Naked Security blog
Even more on The Hacker News
Docker Hub Breach: It's Not the Numbers; It's the Reach
 
More #News
 
#Patch Time!
 
#Tech and #Tools
This content was created by Kindred Group Security. Please share if you enjoyed!
Kindred Group in brief
Kindred is one of the largest online gambling companies in the world with over 24 million customers across 100 markets. We offer pre-game and live Sports betting, Poker, Casino and Games through 11 brands across our markets. We are committed to offer our customers the best deal and user experience possible, while ensuring a safe and fair gambling environment. Kindred is a pioneer in the online gambling industry and as an innovation driven company that builds on trust.
You can access the previous newsletters at https://news.infosecgur.us
If you no longer wish to receive this newsletter, you can unsubscribe from this list.