Hello there,
We’re contacting you to let you know that your Docker account was accessed using valid credentials by what we believe to be an unauthorized party.
On November 12, 2025, our monitoring systems detected automated login attempts against Docker accounts using credentials obtained from breaches of other, non-Docker services. This is a technique known as credential stuffing. There is no evidence that Docker’s infrastructure or services were compromised.
To protect your account and personal information, please take the following steps as soon as possible:
- Reset your Docker account password: instructions located here. Create a new, unique password that you don’t use on any other site.
- Enable Multifactor Authentication to add extra protection; Instructions located here.
- Rotate or revoke any Docker access tokens (Personal Access Token) used for CLI or API access
- Revoke any OAuth tokens or third-party app access connected to your Docker account
- Stay alert for phishing emails or suspicious login alerts. You can check your email accounts against known breaches via Have I Been Pwned
If you have any questions or need to report suspicious activity related to your account please contact Docker Support
here.
Thank you for helping keep your account secure,
Docker Security Team
