This reminds me of "crackit"[0] from a few years ago with Redis. A lot of folks kept their Redis server bound to 0.0.0.0 with no firewall or published port 6379 by "accident" with Docker and by default Redis uses no password. It was a lot worse than meow because with some Redis configuration magic anyone could inject their own SSH keys onto the server.
This article says Redis is affected, but I would be curious to see which version of Redis was being used, because they changed their default configuration after crackit was widespread.
Yeah one thing though with Docker is that in some cases it injects its rules into iptables before the firewall application's.
I was using arno-iptables-firewall and this suffered from that: Docker containers would be world-accessible. In general I only bind them to localhost anyway, but I figured this out when testing. It doesn't seem to happen with UFW.
But I can imagine some people know how to set up a firewall but then just assume it works and don't check. This is the kind I do feel sorry for, at least they tried to protect it.
This happened to me. Was just getting started with Docker and got everything working, and a few months later someone had set a password on my Redis database. Who knows what else happened before that.
[0]: http://antirez.com/news/96
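An added example, not part of any comment in this thread: a check for the situation described above, where Docker publishes a container port such as Redis's 6379 on a non-loopback address. It parses the output of `docker ps --format '{{.Names}}\t{{.Ports}}'`; the sample input and the function name are constructed for illustration.

```python
import ipaddress

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
SAMPLE = (
    "cache\t0.0.0.0:6379->6379/tcp, :::6379->6379/tcp\n"
    "cache-local\t127.0.0.1:6379->6379/tcp\n"
    "worker\t6379/tcp\n"
    "web\t0.0.0.0:8080->80/tcp\n"
)


def non_loopback_publishes(ps_output):
    """Return (container, host_ip, host_port, container_port) for every
    published port whose host address is not loopback (hypothetical helper)."""
    findings = []
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in filter(None, (p.strip() for p in ports.split(","))):
            if "->" not in entry:
                continue  # exposed by the image but not published on the host
            left, target = entry.split("->", 1)
            # rpartition handles "0.0.0.0:6379", ":::6379" and "[::]:6379".
            host, _, host_port = left.rpartition(":")
            host = host.strip("[]")
            try:
                loopback = ipaddress.ip_address(host).is_loopback
            except ValueError:
                loopback = False  # unrecognised address form: report it
            if not loopback:
                findings.append((name, host, host_port, target))
    return findings


if __name__ == "__main__":
    for name, host, host_port, target in non_loopback_publishes(SAMPLE):
        print(f"{name}: host port {host_port} -> {target} published on {host}")
```

A finding means Docker has published the port on that address; publishing with `-p 127.0.0.1:6379:6379` keeps it on loopback, and actual reachability should still be confirmed from another host rather than assumed from the firewall configuration.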