On September 24, 2024 we identified suspicious activity on our network. Upon identifying this potential security issue, we initiated an investigation.

We have discovered that OAuth credentials used for integration between Docker Hub Autobuilds and Bitbucket may have been exposed. While at this time there is no evidence that these credentials were accessed, your account is or was connected to Bitbucket and may potentially be affected.

To mitigate any potential risk, we have invalidated the OAuth credentials that allow access to Bitbucket repositories for Autobuilds. As a result, any newly triggered builds linked to Bitbucket will be stuck in a pending state without your intervention.

Next Steps:

• If you are actively using Autobuilds with Bitbucket, you will need to reconnect your account. Please follow the steps outlined here to set up a new Bitbucket connection through Docker Hub.
• We recommend that all users review their source repositories, especially those authorized for Autobuilds.

We are continuing to investigate this incident, and if we identify any additional impact or broader scope, we will notify you promptly.

Should you encounter any issues or require further assistance, please don’t hesitate to reach out to our support team.

Thank you for your understanding and cooperation as we work diligently to resolve this matter.

Thank you,
The Docker Team