Kubernetes breaches could put major businesses' data at risk


Some pretty major companies are slacking when it comes to Kubernetes configuration secrets, which could spell security disaster, a new report from cybersecurity researchers Aqua has claimed.

In a new paper, researchers Yakir Kadkoda and Assaf Morag explained that firms are uploading Kubernetes configuration secrets to public repositories, risking hackers picking them up and using them in attacks against their endpoints.

They came to this conclusion after using the GitHub API to find all entries containing .dockerconfigjson and .dockercfg, which usually store credentials for container image registry access. The search returned 438 records, out of which half (203) held valid credentials that could be used to access the registries. The list contained 345 computer-generated passwords and 93 manual ones.



Weak credentials

"In the majority of cases, these credentials allowed for both pulling and pushing privileges," the researchers said. "Moreover, we often discovered private container images within most of these registries."

Another problem is the strength of the manually created passwords. Almost half were considered weak, including the likes of test123456, ChangeMe, and dockerhub, which hackers can easily guess. "This underscores the critical need for organizational password policies that enforce strict password creation rules to prevent the use of such vulnerable passwords," the researchers stressed.
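A local check for the file formats described above, as an added example that is not from the Aqua report or this article: it parses `.dockerconfigjson` content (including the base64 form inside a Kubernetes Secret manifest) and legacy `.dockercfg` content, and reports embedded registry credentials, marking those that match the weak passwords quoted above. The function names, the `registry.example.com` host and the sample credential are constructed for illustration.

```python
import base64
import json
import re

# Weak passwords named in the article; a real policy would use a larger list.
WEAK = {"test123456", "changeme", "dockerhub"}
# Key followed by a base64 value, as in the data: section of a Secret manifest.
B64_FIELD = re.compile(r"\.dockerc(?:onfigjson|fg)[\"']?\s*:\s*[\"']?([A-Za-z0-9+/=]{16,})")

def _entries(cfg):
    """Yield (registry, username, password) from either config layout."""
    # .dockerconfigjson nests registries under "auths"; legacy .dockercfg does not.
    auths = cfg.get("auths", cfg) if isinstance(cfg, dict) else None
    if not isinstance(auths, dict):
        return
    for registry, entry in auths.items():
        if not isinstance(entry, dict):
            continue
        user, pw = entry.get("username"), entry.get("password")
        try:  # "auth" is base64("username:password")
            user, _, pw = base64.b64decode(entry["auth"]).decode().partition(":")
        except (KeyError, TypeError, ValueError):
            pass  # no usable "auth" field; keep username/password if present
        if isinstance(pw, str) and pw:
            yield registry, user, pw

def scan_text(text):
    """Return one finding per registry credential embedded in file content."""
    candidates = [text]  # the file may itself be a raw JSON config
    for match in B64_FIELD.finditer(text):
        try:
            candidates.append(base64.b64decode(match.group(1)).decode())
        except ValueError:  # covers bad padding and non-UTF-8 bytes
            continue
    findings = []
    for candidate in candidates:
        try:
            cfg = json.loads(candidate)
        except ValueError:
            continue
        findings += [{"registry": r, "username": u, "weak_password": p.lower() in WEAK}
                     for r, u, p in _entries(cfg)]
    return findings

def demo():
    # Constructed sample: a Secret manifest carrying a weak credential.
    auth = base64.b64encode(b"ci-bot:ChangeMe").decode()
    inner = json.dumps({"auths": {"registry.example.com": {"auth": auth}}})
    blob = base64.b64encode(inner.encode()).decode()
    return scan_text("kind: Secret\ndata:\n  .dockerconfigjson: " + blob + "\n")
```

Run over the files staged for a commit, a non-empty result from `scan_text` is a reason to block the push and rotate the credential.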

Among the companies that risked data breaches this way are two major blockchain firms and “various Fortune 500” organizations. 

The researchers also found plenty of Amazon Web Services (AWS) and Google Container Registry (GCR) passwords, all of which were temporary and expired. Also, the GitHub Container Registry had multi-factor authentication (MFA) set up, rendering the exposed credentials useless to attackers.

"In some cases, the keys were encrypted and thus there was nothing to do with the key," the researchers said. "In some cases, while the key was valid it had minimal privileges, often just to pull or download a specific artifact or image."


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
