DevOps, Identity, AI/ML

Sensitive secrets leaked by thousands of Docker Hub images

The Docker website is displayed on a computer.

BleepingComputer reports that more than 100 organizations, most of which are small and medium-sized businesses, had their production system and CI/CD database credentials, large language model keys, and other sensitive data leaked by 10,456 Docker Hub container images.

Software development entities accounted for most of the 101 firms that had their secrets exposed, followed by organizations in the market and industrial sectors and those in the AI and intelligent systems industries, according to findings from threat intelligence firm Flare. While an analysis of the images showed that most of the revealed secrets were AI model tokens, nearly 42% have leaked five or more sensitive values, with majority of the exposures linked to shadow IT accounts.

"These multi-secret exposures represent critical risks, as they often provide full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components," said Flare, which recommended centralized secrets management and continuous image scanning to mitigate potential compromise.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds