In recent days, a still not identified hacker group got unauthorized access to a Docker database, a company dedicated to programmer software development, compromising around 200k users’ accounts, as reported by cyber forensics course specialists.
Docker allows developers to run software
packages (containers), which are employed by some of the world’s leading
technology companies. According to cyber forensics course specialists, the
company fears that the threat actors have gained illegitimate access to the
source code developed by the users stored on the platform. However, it is still
not known specifically what the compromised information is.
Some users fear that hackers could access some
keys and tokens to access private repositories; this, coupled with the risk of
malicious code injection, leaves many users of the platform in a compromising
situation. Docker security teams continue to investigate the incident.
Docker top customers include companies such as PayPal,
Splunk and Atlassian, among others. In addition, according to cyber forensics
course specialists, multiple developers who work for companies like Facebook
and Google are also frequent users of this platform.
According to a spokesman from Atlassian, one of
the affected companies, Docker sent them a notice last Friday mentioning the
incident; The Atlassian IT security team immediately started a password reset
process. “We believe that hackers are likely to attack Docker to get an
entry point to compromise the sensitive assets of other companies,” the
Docker security teams also fear that hackers
can bypass multi-factor authentication to access repositories from other
similar platforms, such as GitHub, using the access codes and tokens stolen
during this incident. “It’s as if a thief stole just in one move the keys
to every house in a neighborhood.”
As an additional security measure, experts from
the International Institute of Cyber Security (IICS) recommend potentially
affected users to reset their passwords and access tokens on GitHub as well.