Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker container images, both publicly and privately.
The breach reportedly exposed sensitive information for nearly 190,000 Hub users (that's less than 5 percent of total users), including usernames and hashed passwords for a small percentage of the affected users, as well as Github and Bitbucket tokens for Docker repositories.
Docker Hub started notifying affected users via emails informing them about the security incident and asking them to change their passwords for Docker Hub, as well as any online account using the same password.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
"For users with autobuilds that may have been impacted, we have revoked GitHub tokens and access keys, and ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place."
The company has not revealed any further details about the security incident or how the unknown attackers gained access to its database.
says the company is continuing to investigate the security breach and will share more information as it becomes available.
The company is also working to enhance its overall security processes and reviewing its policies following the breach.