Security breach exposes information from Docker Hub users

An unauthorized user gained access to a Docker Hub database, exposing sensitive information from approximately 190,000 users (less than 5% of total Docker Hub users). This information included hashed usernames and passwords, as well as tokens for GitHub and Bitbucket repositories.

The risk for users whose accounts were exposed is that if an attacker gains access to their tokens, they could enter their private code repository to modify it, depending on the permissions stored in the token.

Docker Hub has sent an email to its users detailing the events, requesting that the password for access to the service be changed, and maintaining that the investigation is ongoing, so it will publish more information as it becomes available.