Past week a Docker Hub database was breached. For this reason, all Bitbucket tokens have been revoked and should be relinked. We explained how you could do this in the attached instruction. Don’t hesitate to contact us if you need more information. #bitbucket #docker #abano #breaches
Recently (April 2019) Docker announced “Unauthorized access to Docker Hub database” and could have some impact for you.
In this article we explain how to check if there was unexpected access to your Bitbucket instance and how to reconnect Docker Hub again with Bitbucket.
Q: What happened?
There was a brief period of unauthorized access to a Docker Hub database. During this time some sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users).
Data includes usernames and hashed passwords for a small percentage of users as well as GitHub and Bitbucket tokens for Docker autobuilds. All these tokens have been revoked.
Verify if there was unexpected access to your Bitbucket instance.
To verify if any unexpected access has occurred to your Bitbucket instance, you could check your audit logs in Bitbucket.
The audit logs can be found under your profile in Bitbucket.
From your profile page, go to Settings
Where you could find ‘Audit log‘ in the Security box.
Relink your Docker to your Bitbucket account
Docker did well to revoke all tokens, but this means you will need to re link your Docker with your Bitbucket again.
Log in to Docker Hub using your Docker ID.
If you can’t login, check your e-mail as you will have received a mail to reset your password.
Click on your profile and go to Account Settings in the top-right
Go to the Linked Accounts section.
Click ‘connect’ on the Bitbucket row
Confirm access to your account
Your Docker Hub and Bitbucket are linked again.
If more info or advice is needed for your setup, don’t hesitate to contact us as Abano nv is your Atlassian Gold Solution Partner.