服務熱線:0731-88395100

Docker Hub遭非法入侵,19萬賬號敏感數據被泄露

時間:2019-04-30 15:37來源:未知 作者:admin 點擊:

       美國當地時間周五晚上,有開發者表示收到來自 Docker 的官方郵件,郵件內容顯示由於 Docker Hub 遭受非法入侵,已導致 19 萬個帳號的敏感數據被泄露,這些數據包括小部分用戶的用戶名和哈希密碼,以及用於自動構建 Docker 鏡像而授權給 Docker Hub GitHub Bitbucket token。

       Docker Hub Docker 容器鏡像的官方存儲庫,提供給 Docker 開發者用於上傳/下載容器鏡像。

        Docker 方麵表示,發現漏洞後已立即采取幹預措施來保護數據,並盡力降低對用戶造成的影響。

       按照 Docker 的官方說法,在黑客入侵 Docker Hub 後的短時間內就發現了問題,不過仍有 19 萬個帳號的數據已遭泄露,大約是總用戶數的 5%。

        Docker 發現問題後立即向用戶告知了這一消息,並通知用戶重置密碼(包括使用其他使用相同用戶名和密碼的平台)。

此外,對於使用了自動構建服務並可能受影響的用戶,Docker 已撤銷他們的 GitHub token 和訪問密鑰,並提醒他們重新連接到存儲庫,然後檢查安全和登錄日誌以查看是否發生了任何異常操作,例如是否存在通過未知的 IP 地址進行任何未經授權的訪問。

       雖然受影響的用戶隻有 5%,看起來問題不是十分嚴重,但事實並非如此。要知道絕大多數 Docker Hub 用戶都是大公司的內部員工,他們的帳號可能正在使用自動構建容器服務,然後在實際生產環境中部署這些容器。

       如果他們沒有及時重置帳號密碼,那麽其帳號的自動構建服務會存在極大的安全風險 —— 被攻擊者植入惡意軟件。

       Docker 表示目前仍在調查此事件,調查清楚後會分享詳細信息。不過這起安全事件尚未在公司網站上披露,僅通過電子郵件通知用戶。郵件內容如下:

        On Thursday, April 25th, 2019, we discovered unized access to a single Hub database storing a subset of non-financial user data. Upon discovery, we acted quickly to intervene and secure the site.

        We want to update you on what we"ve learned from our ongoing investigation, including which Hub accounts are impacted, and what actions users should take.

         Here is what we’ve learned:

         During a brief period of unized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.

Actions to Take:

- We are asking users to change their password on Docker Hub and any other accounts that shared this password.

- For users with autobuilds that may have been impacted, we have revoked GitHub tokens and access keys, and ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place.

- You may view security actions on your GitHub or BitBucket accounts to see if any unexpected access has occurred over the past 24 hours -see https://help.github.com/en/articles/reviewing-your-security-log and https://bitbucket.org/blog/new-audit-logs-give-you-the-who-what-when-and-where

- This may affect your ongoing builds from our Automated build service. You may need to unlink and then relink your Github and Bitbucket source provider as described in https://docs.docker.com/docker-hub/builds/link-source/

         We are enhancing our overall security processes and reviewing our policies. Additional monitoring tools are now in place.

Our investigation is still ongoing, and we will share more information as it becomes available.

Thank you,

Kent Lamb Director of Docker Support info@docker.com

內容來源:開源中國

(責任編輯:admin)

下一篇:紐約市門羅學院計算機係統受到勒索軟件攻擊

上一篇:CNCERT最新態勢綜述發布,這些問題不得不重視

F88娱乐2網安