Data breach at Docker; hackers steal access keys for almost 200k accounts

In recent days, a still-unidentified hacker group gained unauthorized access to a database belonging to Docker, a company dedicated to software for developers, compromising around 200k user accounts, as reported by cyber forensics course specialists.

Docker allows developers to run software packages (containers), which are used by some of the world’s leading technology companies. According to cyber forensics course specialists, the company fears that the threat actors have gained illegitimate access to source code that users developed and stored on the platform. However, it is still not known exactly what information was compromised.

Some users fear that hackers could obtain keys and tokens that grant access to private repositories; this, coupled with the risk of malicious code injection, leaves many users of the platform in a compromised position. Docker security teams continue to investigate the incident.

Docker’s top customers include companies such as PayPal, Splunk and Atlassian, among others. In addition, according to cyber forensics course specialists, many developers who work for companies like Facebook and Google are also frequent users of this platform.

According to a spokesman from Atlassian, one of the affected companies, Docker sent them a notice last Friday mentioning the incident; the Atlassian IT security team immediately started a password reset process. “We believe that hackers are likely to attack Docker to get an entry point to compromise the sensitive assets of other companies,” the spokesman mentioned.

Docker security teams also fear that hackers can bypass multi-factor authentication to access repositories on other similar platforms, such as GitHub, using the access codes and tokens stolen during this incident. “It’s as if a thief stole just in one move the keys to every house in a neighborhood.”

As an additional security measure, experts from the International Institute of Cyber Security (IICS) recommend that potentially affected users reset their passwords and access tokens on GitHub as well.