“We have revoked GitHub tokens and access keys for users with autobuilds who may have been affected, and ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place,” said Lamb in the email sent to customers. “On Thursday 25 April 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data,” said Docker Support Director Kent Lamb. Docker immediately notified users and instructed them to reset their passwords.

While it is unclear whether the hacker downloaded any user data from this Docker Hub server, he might have had access to Docker Hub usernames, password hashes, and tokens for GitHub and Bitbucket used to build Docker container images automatically. A user who does not change the password for his account could have the account's autobuilds modified to include malware. Docker said the hacker only had brief access to this database, but data was exposed for some 190,000 users. The company said this figure is only 5% of Docker Hub's total user base. A copy of the full email can be found here or in the image below.

The breach came to light after the company emailed customers about a security incident on April 25. Docker Hub, the official repository for Docker container images, announced a security breach late on Friday night. The company also called on users to review login logs for GitHub and Bitbucket for unauthorized access from unauthorized IP addresses. A large majority of Docker Hub users are employees of large companies who may use their accounts to auto-build containers that they then use in live production environments. Docker said the incident is still being investigated and that it will share details if available.
The security incident was not disclosed on the company's website, but only via email. Although only 190,000 seems to be a small breach, it is not.