安全動態(tài)

Docker Hub 遭入侵,19 萬帳號被泄露

來源:聚銘網(wǎng)絡(luò)    發(fā)布時間:2019-04-28    瀏覽次數(shù):
 

信息來源:開源中國

美國當(dāng)?shù)貢r間周五晚上,有開發(fā)者表示收到來自 Docker 的官方郵件,郵件內(nèi)容顯示由于 Docker Hub 遭受非法入侵,已導(dǎo)致 19 萬個帳號的敏感數(shù)據(jù)被泄露,這些數(shù)據(jù)包括小部分用戶的用戶名和哈希密碼,以及用于自動構(gòu)建 Docker 鏡像而授權(quán)給 Docker Hub 的 GitHub 和 Bitbucket token。

Docker Hub 是 Docker 容器鏡像的官方存儲庫,提供給 Docker 開發(fā)者用于上傳/下載容器鏡像。

Docker 方面表示,發(fā)現(xiàn)漏洞后已立即采取干預(yù)措施來保護(hù)數(shù)據(jù),并盡力降低對用戶造成的影響。

按照 Docker 的官方說法,在黑客入侵 Docker Hub 后的短時間內(nèi)就發(fā)現(xiàn)了問題,不過仍有 19 萬個帳號的數(shù)據(jù)已遭泄露,大約是總用戶數(shù)的 5%。

Docker 發(fā)現(xiàn)問題后立即向用戶告知了這一消息,并通知用戶重置密碼(包括使用其他使用相同用戶名和密碼的平臺)。

此外,對于使用了自動構(gòu)建服務(wù)并可能受影響的用戶,Docker 已撤銷他們的 GitHub token 和訪問密鑰,并提醒他們重新連接到存儲庫,然后檢查安全和登錄日志以查看是否發(fā)生了任何異常操作,例如是否存在通過未知的 IP 地址進(jìn)行任何未經(jīng)授權(quán)的訪問。

雖然受影響的用戶只有 5%,看起來問題不是十分嚴(yán)重,但事實并非如此。要知道絕大多數(shù) Docker Hub 用戶都是大公司的內(nèi)部員工,他們的帳號可能正在使用自動構(gòu)建容器服務(wù),然后在實際生產(chǎn)環(huán)境中部署這些容器。

如果他們沒有及時重置帳號密碼,那么其帳號的自動構(gòu)建服務(wù)會存在極大的安全風(fēng)險 —— 被攻擊者植入惡意軟件。

Docker 表示目前仍在調(diào)查此事件,調(diào)查清楚后會分享詳細(xì)信息。不過這起安全事件尚未在公司網(wǎng)站上披露,僅通過電子郵件通知用戶。郵件內(nèi)容如下:

On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data. Upon discovery, we acted quickly to intervene and secure the site.

We want to update you on what we've learned from our ongoing investigation, including which Hub accounts are impacted, and what actions users should take.

Here is what we’ve learned:

During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.

Actions to Take:

- We are asking users to change their password on Docker Hub and any other accounts that shared this password.

- For users with autobuilds that may have been impacted, we have revoked GitHub tokens and access keys, and ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place.

- You may view security actions on your GitHub or BitBucket accounts to see if any unexpected access has occurred over the past 24 hours -see https://help.github.com/en/articles/reviewing-your-security-log and https://bitbucket.org/blog/new-audit-logs-give-you-the-who-what-when-and-where

- This may affect your ongoing builds from our Automated build service. You may need to unlink and then relink your Github and Bitbucket source provider as described in https://docs.docker.com/docker-hub/builds/link-source/

We are enhancing our overall security processes and reviewing our policies. Additional monitoring tools are now in place.

Our investigation is still ongoing, and we will share more information as it becomes available.

Thank you,

Kent Lamb Director of Docker Support info@docker.com

 
 

上一篇:2019年04月27日 聚銘安全速遞

下一篇:2019年04月28日 聚銘安全速遞