diff --git a/CHANGELOG.md b/CHANGELOG.md
index d98b209..6dc720f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ## Changes since v3.1.0
 
+- [#85](https://github.com/pusher/oauth2_proxy/pull/85) Potentially breaking change: docker user & group (@kskewes)
 - [#68](https://github.com/pusher/oauth2_proxy/pull/68) forward X-Auth-Access-Token header (@davidholsgrove)
 
 # v3.1.0
diff --git a/Dockerfile b/Dockerfile
index 126ce40..2373897 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,4 +19,7 @@ FROM alpine:3.8
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy
 
+RUN addgroup -S -g 2000 oauth2proxy && adduser -S -u 2000 oauth2proxy -G oauth2proxy
+USER oauth2proxy
+
 ENTRYPOINT ["/bin/oauth2_proxy"]
diff --git a/Dockerfile.arm64 b/Dockerfile.arm64
index 4a8dc7d..5abd9bb 100644
--- a/Dockerfile.arm64
+++ b/Dockerfile.arm64
@@ -19,4 +19,7 @@ FROM arm64v8/alpine:3.8
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy
 
+RUN addgroup -S -g 2000 oauth2proxy && adduser -S -u 2000 oauth2proxy -G oauth2proxy
+USER oauth2proxy
+
 ENTRYPOINT ["/bin/oauth2_proxy"]
diff --git a/Dockerfile.armv6 b/Dockerfile.armv6
index 5f7f7af..d51f16d 100644
--- a/Dockerfile.armv6
+++ b/Dockerfile.armv6
@@ -19,4 +19,7 @@ FROM arm32v6/alpine:3.8
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy
 
+RUN addgroup -S -g 2000 oauth2proxy && adduser -S -u 2000 oauth2proxy -G oauth2proxy
+USER oauth2proxy
+
 ENTRYPOINT ["/bin/oauth2_proxy"]