https://flare.io/learn/resources/docker-hub-secrets-exposed
In just one month of scanning, security researchers found more than 10,000 Docker Hub images have been found to contain leaked secrets, including live credentials to production systems. This breach has exposed over 100 organisations, including a Fortune 500 company and a major national bank, many of whom were unaware of the compromise.
The researchers found that 42% of the exposed images contained five or more secrets each, meaning a single container could provide attackers with access to an entire cloud environment, CI/CD pipeline, and database. Alarmingly, the most frequently leaked credentials were AI and LLM model keys, highlighting how the rapid adoption of these technologies has outpaced security controls.
The researchers attribute this issue to the fragile nature of secrets in the modern software development lifecycle, where credentials are scattered across source code, configuration files, developer laptops, and build pipelines. Even when developers remove the leaked secrets from containers, 75% fail to revoke or rotate the underlying keys, leaving organisations exposed for months or years.