Hi, we are some hub.docker users and we think we are getting hacked and we have a lot of our images that as been marked as “Pulled” very recently.
Last pull is about a few seconds ago for a lot of different versions.
Is it an issue from docker side about generating random pulls ?
Can we access to “who” pulled this image ?
Thank you

We’re having exactly the same issue on our private repo. We’ve changed the passwords, and the images with “LAST PULL a few seconds ago” still keep on coming. Very often it’s for completely outdated images, where there’s no way anyone sane would use them.

We also verified the access tokens - the “LAST PULL” time is always fresher than the last use of any access token.

Is this something to worry about?

I was just about to ask this very same question.

Pulls of really old dev images that haven’t been pruned, being pulled at 8:30am on a Saturday morning? I don’t think so…

I have the same issue. Is there any way to realize who pulls images from private repos? It would be convenient to know pullers’ accounts or clients’ IP addresses.

I also have a private repository. I don’t use it, I only created it to test something occasionally. I don’t have active CI test pipeline but the latest image was pulled 4 hours ago.

I don’t think we all have been hacked. It would be good to know if Docker Hub pulls private images, but I don’t think the IP addresses or the account names could be shared.