Docker Hub security incident 2024.09.24 #139958
Docker Hub had a security breach during which OAuth credentials "may" have been exposed, presumably for all Docker Hub accounts. Their email mentions that they identified the issue on 2024.09.24, but they fail to mention how long it may have been going on prior to that. They invalidated the OAuth credentials, but the email that informs the users about this was sent on 2024.09.26, which provides a large enough window for the attacker to have cloned plenty of private repositories.

I have a Bitbucket repository that was affected, but Bitbucket has no audit logging for repository clone events or for OAuth token usage. I would like to find out if the exposed credentials have been used to clone private source code.

Does anyone have private code that could have been accessed this way, and also have organization-level logging with clone events included? If so, I would be very grateful if you could check and post your findings here. I realize there's no guarantee that if your private code wasn't accessed this way, mine wasn't accessed either (or that if yours was accessed, mine was accessed as well), but it would be great to get some indication of the potential fallout from this security incident.

For reference, here's the email received from Docker Hub:

On September 24, 2024 we identified suspicious activity on our network. Upon identifying this potential security issue, we initiated an investigation. We have discovered that OAuth credentials used for integration between Docker Hub Autobuilds and Bitbucket may have been exposed. While at this time there is no evidence that these credentials were accessed, your account is or was connected to Bitbucket and may potentially be affected. To mitigate any potential risk, we have invalidated the OAuth credentials that allow access to Bitbucket repositories for Autobuilds. As a result, any newly triggered builds linked to Bitbucket will be stuck in a pending state without your intervention.

Next Steps: Should you encounter any issues or require further assistance, please don’t hesitate to reach out to our support team. Thank you for your understanding and cooperation as we work diligently to resolve this matter. Thank you,
Replies: 1 comment
Hi @xbirt,

Thanks for being a part of the GitHub Community, we're glad you're here!

If you're looking for help for this specific topic, you might want to try asking for help somewhere that focuses on this project, such as the Docker Community Forums. I see that it's been a while since you've posted this and I wanted to note that, though it's possible that another GitHub user might have run into this same issue and can help, the GitHub Community Discussions focuses primarily on topics related to GitHub itself or collaboration on project development and ideas. We want to make sure you're getting the best support you can, but this space may not be the right place for this particular topic.

Best of luck!