Docker Hub had a security breach during which OAuth credentials "may" have been exposed, presumably for all Docker Hub accounts. Their email mentions that they identified the issue on 2024.09.24, but they fail to mention how long it may have been going on prior to that. They invalidated the OAuth credentials, but the email that informs the users about this was sent on 2024.09.26, which provides a large enough window for the attacker to have cloned plenty of private repositories.
I have a Bitbucket repository that was affected, but Bitbucket has no audit logging for repository clone events or for OAuth token usage. I would like to find out if the exposed credentials have been used to clone private source code. Does anyone have private code that could have been accessed this way, and also have organization-level logging with clone events included? If so, I would be very grateful if you could check and post your findings here.
I realize there's no guarantee that if your private code wasn't accessed this way, mine wasn't accessed either (or that if yours was accessed, mine was accessed as well), but it would be great to get some indication of the potential fallout from this security incident.
For reference, here's the email received from Docker Hub:
"Hello,
On September 24, 2024 we identified suspicious activity on our network. Upon identifying this potential security issue, we initiated an investigation.
We have discovered that OAuth credentials used for integration between Docker Hub Autobuilds and Bitbucket may have been exposed. While at this time there is no evidence that these credentials were accessed, your account is or was connected to Bitbucket and may potentially be affected.
To mitigate any potential risk, we have invalidated the OAuth credentials that allow access to Bitbucket repositories for Autobuilds. As a result, any newly triggered builds linked to Bitbucket will be stuck in a pending state without your intervention.
Next Steps:
If you are actively using Autobuilds with Bitbucket, you will need to reconnect your account. Please follow the steps outlined here to set up a new Bitbucket connection through Docker Hub.
We recommend that all users review their source repositories, especially those authorized for Autobuilds.
We are continuing to investigate this incident, and if we identify any additional impact or broader scope, we will notify you promptly.
Should you encounter any issues or require further assistance, please don’t hesitate to reach out to our support team.
Thank you for your understanding and cooperation as we work diligently to resolve this matter.
Thank you,
The Docker Team"