2 min read | Saved February 14, 2026
Do you care about this?
Over 10,000 Docker images on Docker Hub are leaking sensitive credentials, including API keys and cloud access tokens, according to security firm Flare. Many of these leaks originate from unmonitored developer accounts, putting critical infrastructure at risk. Even when developers remove secrets, the underlying credentials often remain active, leaving systems vulnerable.
If you do, here's more
Docker Hub has become a significant source of leaked credentials, with over 10,000 public container images exposing sensitive secrets from more than 100 organizations, including a Fortune 500 company and a major bank. According to the cybersecurity firm Flare, its analysis of images uploaded in November 2025 revealed 10,456 containers leaking one or more secrets. Nearly half of these images contained five or more exposed values, giving attackers access to production systems, cloud services, and AI platforms. The most commonly leaked secrets were API keys for large language models, with around 4,000 tokens found, highlighting a security gap as developers rush to adopt AI.
Developers often unknowingly publish sensitive information embedded in Docker images. These images capture everything in the build context, including .env files and hard-coded API keys. Once uploaded, these secrets are available for anyone to access, and automated scanners can detect them long before developers realize the mistake. A significant portion of the leaks comes from “shadow IT” accounts, where individual developers or contractors run Docker Hub registries outside corporate oversight, so exposed credentials go unnoticed. Flare identified one instance in which a Fortune 500 company's secrets were exposed through a personal public Docker account with no clear link to the organization.
One alarming case involved a senior software architect at a national bank, whose registry contained hundreds of images, some leaking AI API tokens. More than 430 containers were publicly accessible without adequate security measures, putting sensitive financial information at risk. Even after developers delete exposed secrets from images, the underlying credentials often remain active. Flare found that in about 75% of cases, deleted keys were still usable, creating ongoing security vulnerabilities. To mitigate these risks, Flare recommends that developers avoid embedding secrets in images and adopt dedicated secrets management tools, ephemeral credentials, and automated scanning before pushing artifacts to public registries.
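As an added example (not code from Flare or the article), here is the kind of pre-push check the last recommendation describes: it walks every layer tarball inside a `docker save` archive and flags .env files and API-key-shaped strings before the image reaches a public registry. The sample image is constructed in memory and every key in it is fake; the filename list and regexes are assumptions for illustration, not Flare's detection rules.

```python
"""Added example: scan a `docker save` archive for .env files and hard-coded
API keys before pushing. The sample image is built in memory; all keys are fake."""
import io, re, tarfile
# Files that must never ship in a layer, and secret shapes to look for (assumed lists).
SENSITIVE_NAMES = re.compile(r"(^|/)(\.env(\..*)?|\.npmrc|\.git-credentials|id_rsa)$")
SECRET_PATTERNS = [
    ("assignment", re.compile(r"(?i)(api[_-]?key|secret|token|password)\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{16,}")),
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("openai_style_key", re.compile(r"\bsk-[A-Za-z0-9]{20,}\b")),
]
def _scan_layer(layer, layer_name):
    findings = []
    for m in (x for x in layer.getmembers() if x.isfile()):
        if SENSITIVE_NAMES.search(m.name):
            findings.append({"layer": layer_name, "path": m.name, "kind": "sensitive_file"})
        try:
            text = layer.extractfile(m).read(1 << 20).decode("utf-8")  # first MiB only
        except UnicodeDecodeError:
            continue  # binary file: outside this text-pattern pass
        for kind, pat in SECRET_PATTERNS:
            if pat.search(text):
                findings.append({"layer": layer_name, "path": m.name, "kind": kind})
    return findings

def scan_image_tar(image_bytes):
    """Try to open every file in the archive as a layer tar (works for legacy
    layer.tar and OCI blobs/sha256/* layouts); manifest/config JSON raise ReadError."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(image_bytes)) as image:
        for m in (x for x in image.getmembers() if x.isfile()):
            try:
                with tarfile.open(fileobj=io.BytesIO(image.extractfile(m).read())) as layer:
                    findings.extend(_scan_layer(layer, m.name))
            except tarfile.ReadError:
                continue
    return findings

def tar_bytes(files):
    """Build an in-memory tar; used here only to construct the sample image."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, content in files.items():
            info = tarfile.TarInfo(name); info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()
# Constructed image: one layer copied the whole build context, .env included.
SAMPLE_IMAGE = tar_bytes({"manifest.json": b"[]", "layer.tar": tar_bytes({
    "app/.env": b"OPENAI_API_KEY=sk-FAKEFAKEFAKEFAKEFAKEFAKE\n",
    "app/settings.py": b"AWS_KEY = 'AKIAFAKEFAKEFAKEFAKE'\n",
    "app/main.py": b"print('hello')\n"})})
```

Against the constructed image, `scan_image_tar(SAMPLE_IMAGE)` reports the .env file itself plus the two token shapes inside it and the AWS-style key in settings.py; a CI step can refuse the push whenever the list is non-empty. On a real image, feed it the output of `docker save <image>`.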