Docker Inc.

Docker provides containerization technology enabling developers to build, package, and deploy applications within standardized units called containers. Its core offerings include the Docker Engine runtime, developer tools, and Docker Hub, a cloud-based registry service for sharing and managing container images. This platform serves developers and organizations globally, facilitating application development, testing, and deployment workflows across diverse computing environments. Docker Hub acts as a central repository where users can store public and private container images and automate builds by linking to source code repositories like GitHub and Bitbucket.

A significant security incident occurred on April 25, 2019, involving unauthorized access to a Docker Hub database. This breach potentially exposed sensitive data of approximately 190,000 users, including some usernames and hashed passwords. Crucially, the compromise also involved access tokens used for automated builds linked to GitHub and Bitbucket accounts. These tokens posed a substantial supply-chain risk, as they could have enabled attackers to gain unauthorized access to users' private code repositories and potentially inject malicious code into automated builds. Docker responded by immediately revoking all exposed tokens and access keys. The company advised affected users to change their passwords and review their repository security logs for any suspicious activity. This incident underscored the critical security responsibilities inherent in managing a widely used development platform and led Docker to enhance its security processes and monitoring capabilities. Investigations continued to fully assess the breach's impact scope.