Over 10,000 Docker Hub Images Expose Sensitive Data

Researchers scanning Docker Hub, the largest container registry, found that over 10,400 images expose sensitive data, including live credentials for production systems, CI/CD databases, and LLM model keys. The most frequently leaked secrets are access tokens for AI platforms such as OpenAI and HuggingFace.

Security researchers found that 42% of scanned images exposed at least five sensitive values, representing critical risks to cloud environments, Git repositories, and more. Many affected organizations are in the software development sector, and more than 10 finance and banking companies had their data exposed.

The study highlights common mistakes, such as storing database credentials in .env files or hardcoding API tokens in Python application files. It also notes that many leaks originate from ‘shadow IT’ accounts: Docker Hub accounts used outside of corporate monitoring mechanisms.

To avoid similar incidents, experts recommend keeping secrets out of container images, centralizing secrets management, and implementing active scanning across the software development life cycle. Organizations should revoke any exposed secrets and break down IAM silos to protect their business.
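As an added illustration (not code from the article or from the study it summarizes), the Python scanner below implements the kind of active scanning recommended above, checking an unpacked image or build context for the two mistakes the study highlights: credential-like assignments in .env files or Dockerfile ENV lines, and hardcoded OpenAI-style (sk-) and HuggingFace-style (hf_) tokens in source files. The token prefixes, the file layout and the sample file contents are assumptions constructed for this example.

```python
import re
import tempfile
from pathlib import Path

Finding = tuple[str, int, str, str]  # (file, line, pattern name, masked value)

# Assumed token shapes: OpenAI keys begin with "sk-", HuggingFace tokens with "hf_".
# These are prefix heuristics only; treat every hit as a candidate to verify and revoke.
PATTERNS = {
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "huggingface_token": re.compile(r"\bhf_[A-Za-z0-9]{20,}\b"),
    # KEY=value lines in .env files, or Dockerfile "ENV KEY=value", with a credential-like key
    "env_credential": re.compile(
        r"^[ \t]*(?:ENV[ \t]+)?(?P<key>[A-Z0-9_]*(?:PASSWORD|SECRET|TOKEN|API_KEY)[A-Z0-9_]*)"
        r"[ \t]*=[ \t]*(?P<val>\S+)", re.MULTILINE),
}

def mask(secret: str) -> str:
    """Keep only a short prefix so the scan report itself does not leak the value."""
    return secret[:6] + "..." if len(secret) > 6 else "***"

def scan_text(text: str, origin: str) -> list[Finding]:
    """Run every pattern over one file's text and report each hit with its line number."""
    findings: list[Finding] = []
    for name, pat in PATTERNS.items():
        for m in pat.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            findings.append((origin, line, name, mask(m.groupdict().get("val") or m.group(0))))
    return findings

def scan_tree(root: Path, max_bytes: int = 1_000_000) -> list[Finding]:
    """Walk an unpacked image layer or build context and scan every readable text file."""
    findings: list[Finding] = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.stat().st_size > max_bytes:
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except UnicodeDecodeError:
            continue  # binaries are skipped by this simple scanner
        findings.extend(scan_text(text, str(path.relative_to(root))))
    return findings

# Constructed sample "image contents" reproducing the mistakes named in the article.
SAMPLE_FILES = {
    ".env": "DB_HOST=db.internal\nDB_PASSWORD=hunter2-constructed\n",
    "app.py": 'import openai\nopenai.api_key = "sk-constructedEXAMPLE0000000000000000"\n'
              'HF = "hf_constructedEXAMPLE000000000000"\n',
    "Dockerfile": "FROM python:3.12\nENV OPENAI_API_KEY=sk-constructedEXAMPLE0000000000000000\n",
}

def demo() -> list[Finding]:
    """Write the constructed samples to a temp dir and scan it; returns five findings."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name, body in SAMPLE_FILES.items():
            (root / name).write_text(body, encoding="utf-8")
        return scan_tree(root)

if __name__ == "__main__":
    for origin, line, kind, shown in demo():
        print(f"{origin}:{line}: {kind} -> {shown}")
```

Run it against a directory produced by `docker save` plus layer extraction, or against a build context before `docker build`, to catch these leaks before an image is pushed.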

Source: https://www.bleepingcomputer.com/news/security/over-10-000-docker-hub-images-found-leaking-credentials-auth-keys