Security research firm Flare discovered over 10,000 Docker Hub images containing exposed secrets during a single month of scanning. The leaks included live credentials to production systems, affecting over 100 organizations. That includes a Fortune 500 company, not named for obvious reasons, and a major national bank. Nearly half of the exposed images contained five or more secrets each.
Flare’s November 2025 scan of Docker Hub found 10,456 container images with exposed keys across 205 distinct namespaces. After filtering for high and critical severity findings, researchers successfully identified 101 companies behind the leaks. The exposed credentials ranged from AI model access tokens to cloud infrastructure keys and database passwords.
The findings reveal a significant security gap, if a familiar one. AI API keys were the most frequently leaked credentials, with almost 4,000 exposed, which reflects how rapidly AI adoption has outpaced security controls in many organizations. Cloud provider credentials (AWS, Azure, GCP) appeared in 127 accounts, while database credentials surfaced in 89 accounts.
What makes these exposures particularly dangerous is how many secrets each one carries: 42 percent of the leaked images contained five or more. Anyone who pulls a single such image could potentially unlock a cloud environment, a CI/CD pipeline and the database infrastructure behind it. Yet many organizations had no idea their credentials were exposed until researchers contacted them.
Shadow IT accounts create blind spots
A significant portion of leaks originated from shadow IT accounts completely invisible to corporate monitoring. Personal Docker Hub accounts belonging to contractors, freelancers or employees frequently contained company secrets. In one case, researchers identified a Fortune 500 company whose credentials were exposed through a personal account with no visible connection to the organization.
Previous research in May 2024 found that 20 percent of Docker Hub’s 15 million repositories were being abused to spread malware. The combination of malicious repositories and accidentally leaked credentials creates a dangerous attack surface that threat actors actively exploit. Report after report shows that Docker Hub is a security blind spot.
Flare highlights one contractor’s public Docker Hub account, which contained 70 repositories with exposed secrets for multiple client projects. The containers included AWS access keys, S3 bucket credentials, PostgreSQL database passwords, Google Analytics keys and OpenAI API tokens. These credentials belonged entirely to client organizations, yet sat outside their security monitoring and controls.
Developer mistakes persist despite awareness
The company’s research identified common patterns in how secrets end up in images. Developers frequently keep .env files containing credentials for local development, then copy them into Docker images along with the rest of the source tree. The same pattern occurred with Python files containing hard-coded API tokens, and with secrets written directly into Dockerfiles, where an ENV or RUN instruction bakes them into the image’s configuration and build history.
When exposure occurred, approximately 25 percent of developers removed the leaked secret from their container image within one to two days. However, 75 percent failed to revoke or rotate the underlying keys. The visible leak disappeared, but the credentials remained fully valid and exploitable by anyone who had already pulled the earlier image.
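The two preceding paragraphs describe how the leaks happen (a .env copied in with the source tree, tokens in ENV instructions) and why deleting the secret is not the same as revoking it. As an added example, not Flare’s tooling and not code from the original article, the Python script below scans a `docker save`-style tarball for those patterns the way a registry-side secret scanner would: it checks the image config, the build history and every layer. It constructs a tiny two-layer image in memory so it runs offline; the AWS key is AWS’s documented example ID, the `sk-` prefix, regexes, file names and values are assumptions made for illustration. Layer 1 whiteouts the .env file that layer 0 added, and the scanner still reads the secret from layer 0.

```python
"""Scan a `docker save` tarball for leaked secrets, layer by layer.

Added example: builds a tiny two-layer image in memory (so it runs offline)
and scans it the way a registry-side secret scanner would. The AWS key is
AWS's documented example ID; the sk- prefix, file names and values are
constructed for illustration.
"""
import io
import json
import re
import tarfile

# Deliberately narrow patterns; production scanners use far more and verify
# each hit against the provider. Assumed: "sk-" marks an OpenAI-style key.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "openai_style_key": re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"),
    "url_with_password": re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:[^\s@/]+@"),
}
SENSITIVE_NAMES = (".env", ".pem", ".key", "id_rsa", "credentials")


def _tar_bytes(files):
    """Build an uncompressed tar (the on-disk form of a layer) from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_leaky_image():
    """Constructed image: COPY brings in .env (layer 0), ENV bakes a token into
    the config, and a later RUN rm (layer 1) only adds a whiteout entry."""
    env_file = (
        b"DATABASE_URL=postgres://app:Sup3rS3cretPass@db.internal:5432/app\n"
        b"AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        b"OPENAI_API_KEY=sk-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\n"
    )
    token = "sk-bbbbbbbbbbbbbbbbbbbbbbbbbbbb"
    layer0 = _tar_bytes({"app/.env": env_file, "app/main.py": b"print('hi')\n"})
    layer1 = _tar_bytes({"app/.wh..env": b""})  # whiteout: hides app/.env
    config = {
        "config": {"Env": ["PATH=/usr/bin", f"API_TOKEN={token}"]},
        "history": [
            {"created_by": "COPY . /app"},
            {"created_by": f"ENV API_TOKEN={token}", "empty_layer": True},
            {"created_by": "RUN rm /app/.env"},
        ],
    }
    manifest = [{"Config": "config.json", "Layers": ["l0/layer.tar", "l1/layer.tar"]}]
    return _tar_bytes({
        "manifest.json": json.dumps(manifest).encode(),
        "config.json": json.dumps(config).encode(),
        "l0/layer.tar": layer0,
        "l1/layer.tar": layer1,
    })


def _scan_text(text, where):
    """Run every pattern over text; report a redacted prefix of each hit."""
    return [
        {"kind": kind, "where": where, "match": m.group(0)[:10] + "..."}
        for kind, pat in SECRET_PATTERNS.items()
        for m in pat.finditer(text)
    ]


def scan_image(tar_bytes):
    """Return findings from the config, the build history and every layer.
    Each finding records removed_in_layer: the index of a later layer whose
    whiteout hid the file, or None. A hidden file is still in the tarball."""
    findings = []
    deleted = {}  # path -> index of the layer that whiteouts it
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as image:
        manifest = json.load(image.extractfile("manifest.json"))[0]
        config = json.load(image.extractfile(manifest["Config"]))
        for entry in config.get("config", {}).get("Env", []):  # ENV instructions
            findings += _scan_text(entry, "config.Env")
        for step in config.get("history", []):  # Dockerfile commands, args included
            findings += _scan_text(step.get("created_by", ""), "history")
        for idx, name in enumerate(manifest["Layers"]):
            with tarfile.open(fileobj=io.BytesIO(image.extractfile(name).read())) as layer:
                for member in layer.getmembers():
                    directory, _, base = member.name.rpartition("/")
                    if base.startswith(".wh."):  # opaque whiteouts (.wh..wh..opq) not handled
                        deleted["/".join(p for p in (directory, base[4:]) if p)] = idx
                        continue
                    if not member.isfile():
                        continue
                    where = f"layer[{idx}]:{member.name}"
                    if base.endswith(SENSITIVE_NAMES):
                        findings.append({"kind": "sensitive_filename", "where": where, "match": base})
                    text = layer.extractfile(member).read().decode("utf-8", "replace")
                    findings += _scan_text(text, where)
    for f in findings:
        f["removed_in_layer"] = deleted.get(f["where"].partition(":")[2])
    return findings


if __name__ == "__main__":
    for finding in scan_image(build_leaky_image()):
        print(finding)
```

With a real image, `docker save image:tag -o image.tar` produces the same layout. The point to notice in the output is that every hit in app/.env carries `removed_in_layer=1`: the `RUN rm` made the file vanish from a running container while leaving it in the pushed image, and pushing a clean tag afterwards does nothing for copies already pulled. Keep secrets out of the build context with a .dockerignore entry for .env, pass build-time secrets with `RUN --mount=type=secret` rather than ENV or ARG, and treat any key that has been in a public image as compromised and rotate it.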
Attack scenarios show real-world impact
The research detailed several real-world attack scenarios involving exposed secrets. The Shai-Hulud 2.0 npm worm, launched in November 2025, is the most notorious recent example. The malware infected npm packages and used stolen credentials to spread itself across hundreds of packages and tens of thousands of repositories.
Flare identified exposed credentials across multiple business sectors. Organizations in technology, financial services, healthcare and e-commerce all appeared in the dataset. The researchers used Docker Hub metadata, domain names, IP addresses and code identifiers to correlate namespaces with specific companies when possible.