Incident Of The Week: Impact Of Docker Security Breach

The internet attack puts upwards of 190,000 accounts at risk



Kayla Matthews
05/03/2019

People in the IT sector recently had a reason to grimace and wonder about the damage caused when Docker announced a security breach affecting 190,000 users and a single Docker Hub database.

Docker is a container platform that allows teams to build, run and share applications from anywhere, and a container is a piece of software containing all the components that make the application seamlessly operate anywhere — even between different computing environments.

Moreover, container images are like snapshots of the full containers, and they produce containers when people run them at startup. The final thing that's essential to know about the components of this breach is that the Docker Hub is the world's largest collection of container images.

Now, let's get back to the details of the security issue.

No Financial Information at Risk

The official statement from Docker about the breach confirms that the 190,000 users potentially affected by the issue may have had their usernames and hashed passwords compromised. But, the breached information did not include financial information.

An external analysis of the Docker issue asserts that the hackers could nonetheless do substantial damage without having access to bank details. That's because each autobuild has an associated token that grabs the data from the external source. Docker disabled those tokens as soon as it discovered the breach, but the problem could still mean that DevOps teams that used those tokens need to go back through their pipelines and check for signs of unusual activity.

The release also said the issue affects some users who have GitHub and Bitbucket tokens associated with Docker autobuilds. In short, that Docker feature allows developers to pull source code from external sources — such as GitHub and Bitbucket — then use it to automatically build container images that get pushed to a user's Docker repository.

The possible widespread reach of incidents like this one makes companies seriously consider getting cyber breach protection. Even when enterprises take precautions, the damages caused by internet attacks can be substantial. Being insured could help companies recover faster than they otherwise might.

Some Users Need to Change Their Passwords

Docker discovered this incident on April 25, which was just before DockerCon, the company's annual promotional event. Some sources said that Docker likely wouldn't go into much detail about the breach other than what it provided in the statement cited above. After all, this isn't the kind of news that makes new customers eagerly flock to Docker.

Docker representatives sent password reset emails to people possibly affected by the breach. Also, people who had their accounts linked to Bitbucket or GitHub need to relink them following this incident.

Docker Executives Respond

According to an article from eWEEK, two of Docker's executives did bring up the breach during DockerCon. CEO Steven Singh admitted that the breach happened and said the company resolved it.

Singh also responded to a question from eWEEK and said that the company engaged in a forensic investigation to get to the bottom of the matter. For now, though, Docker has not identified any responsible parties, confirmed how long any bad actors had access, or said what caused the problem. Also, Docker's CTO, Kal De, committed to "stay laser-focused" on security at the company.

No Two-Factor Authentication Yet

Two-factor authentication (2FA) requires a person to have two pieces of information to log into an account. Normally, it's something they know (such as a password) and something they have (like a one-time login code). But, a blog post brings up a common user complaint that Docker does not offer 2FA yet.

There's no word on whether Docker may offer 2FA soon based on this recent incident. But, considering that so many businesses offer it as a precautionary measure, it's worth following their lead as a company-wide security upgrade.

Specific Security Measures Not Discussed

Although Docker execs went into detail about several of the company's plans during DockerCon, they didn't venture into security strategies at length. Instead, De talked about a "security-by-design" mindset. Until Docker users know precisely what that means after the company gives the official word, they need to remain mindful that security breaches are becoming more common, and it seems no company has immunity.
