🤖 AI Summary
A recent investigation found that over 10,000 Docker Hub container images are leaking sensitive credentials, including authentication tokens for production systems and AI models. The scan, conducted by threat intelligence firm Flare, uncovered a total of 10,456 images exposing critical data affecting more than 100 organizations, including a Fortune 500 company and a major bank. Among the leaked secrets, 4,000 were related to AI model access, and many images violated security best practices by containing hardcoded keys and using .env files improperly.
This large-scale exposure highlights a serious risk for the AI/ML community and the wider tech landscape, and shows what careless handling of Docker images can cost. Flare noted that around 42% of the exposed images contained at least five sensitive values, which could provide unauthorized access to crucial infrastructure components like cloud environments and CI/CD systems. The findings underscore the need for better secrets management practices and proactive measures, such as implementing dedicated vaults for sensitive data and conducting regular security scans throughout the development lifecycle, to mitigate potential threats from exposed credentials.
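The kind of pre-publish scan mentioned above, as an added example that is not from Flare or the original article: it walks every layer of a `docker save` archive, so a .env file deleted in a later layer is still reported. The variable-name regex, the function names and the sample image are assumptions constructed for illustration.

```python
import io, json, re, tarfile

# Assumed heuristic: NAME=value lines whose NAME suggests a credential.
SECRET_LINE = re.compile(
    r"^\s*(?:export\s+)?([A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*)\s*=\s*\S+",
    re.MULTILINE)

def scan_image(archive: bytes):
    """Scan every layer of a `docker save` archive for secret-like lines in .env files.
    Returns (layer, path, variable, removed_later); secret values are never returned."""
    hits, whiteouts = [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for idx, layer_name in enumerate(manifest[0]["Layers"]):
            blob = io.BytesIO(image.extractfile(layer_name).read())
            with tarfile.open(fileobj=blob, mode="r:*") as layer:
                for member in layer:
                    folder, _, base = member.name.rpartition("/")
                    if base.startswith(".wh."):  # whiteout: file deleted in this layer
                        whiteouts.append((idx, f"{folder}/{base[4:]}".lstrip("/")))
                    elif member.isfile() and (base.startswith(".env") or base.endswith(".env")):
                        text = layer.extractfile(member).read().decode("utf-8", "replace")
                        hits += [(idx, member.name, m.group(1)) for m in SECRET_LINE.finditer(text)]
    # A whiteout in a later layer hides the file at runtime but not from a layer reader.
    return [(i, p, v, any(w > i and wp == p for w, wp in whiteouts)) for i, p, v in hits]

def make_tar(files: dict) -> bytes:
    """Build an in-memory tar from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_sample_image() -> bytes:
    """Constructed sample: layer 0 adds app/.env, layer 1 deletes it via a whiteout."""
    layer0 = make_tar({"app/.env": b"MODEL_API_TOKEN=constructed-not-a-real-token\nDEBUG=1\n"})
    layer1 = make_tar({"app/.wh..env": b""})
    manifest = json.dumps([{"Layers": ["l0/layer.tar", "l1/layer.tar"]}]).encode()
    return make_tar({"manifest.json": manifest, "l0/layer.tar": layer0, "l1/layer.tar": layer1})

if __name__ == "__main__":
    for finding in scan_image(build_sample_image()):
        print(finding)
```

Any credential reported with `removed_later` set should still be rotated, because the earlier layer ships with the image.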