Docker Hub data breach exposes data of 190,000 users.
On April 24, 2019, Docker Hub suffered a data breach that exposed the sensitive data of 190,000 users from the Docker Hub database. The compromised information included usernames and hashed passwords, in addition to Github and Bitbucket tokens for Docker autobuilds.
The aftermath.
Docker Hub requested that all the affected users change their Docker Hub passwords, and the company also urged users to change their passwords for other applications if they used the same password. Docker Hub also revoked the GitHub tokens and access keys of users whose autobuilds were impacted. As a security measure, the company urged its clients to monitor their security logs for any suspicious activity in their environments.
The breach only lasted for a short time, and it affected less than 5% of Docker Hub users. However, these affected autobuilds could serve as an entry point for hackers to gain unauthorized entry into the products which use them. Docker Hub has subsequently taken steps to implement protective measures to enhance its security.
Threats are everywhere, and it's important for your business to be prepared for such incidents. If you want to avoid disasters like these and stay out of the news for the wrong reasons, investing in a comprehensive SIEM solution like ManageEngine Log360 is key. Download a 30-day, free trial to combat internal and external security attacks.
Here's how ManageEngine can help to thwart such incidents.
Log360, our comprehensive SIEM solution, can help your organization by:
- Alerting security teams in real time about events that require their immediate attention, such as network attacks, unauthorized access attempts to files or folders, security group membership changes, and account lockouts.
- Detecting unauthorized network access attempts with its built-in Structured Threat Information eXpression (STIX/TAXII) feeds processor. Log360 also has a global IP threat database that can instantly detect known malicious traffic passing through the network, as well as outbound connections to malicious domains and callback servers. Its global IP threat database contains more than 600 million blacklisted IP addresses that are collected from trusted open-source threat feeds and updated daily.
- Finding potential insider threats with Log360's user and entity behavior analytics engine, which creates a baseline of normal activities that are specific to each user, and then notifies security personnel instantly when there's a deviation from this norm. Rather than using static threshold values, this tool employs a combination of data analytics and machine learning to define dynamic thresholds based on real-world user behavior.
- Obtaining important forensic information about incidents. The collected logs can be securely archived to help prove adherence to compliance standards and reduce potential legal penalties during investigations.
- Automatically raising incidents as tickets to specific technicians in ServiceDesk Plus, JIRA, Zendesk, Kayako, or ServiceNow to create an incident resolution process that's swift and accountable.
Download a free trial of Log360 to see the tool in action for yourself.
Latest Ransomware attacks
Latest Data breach attacks
Latest Email Phishing attacks
Latest DoS and DDoS attacks
Latest Brute force attack
Latest Advanced persistent threat (APT)
