CISA Admin Leaked AWS GovCloud Keys On Github

Source: Slashdot

Overview

An anonymous reader cited a report from KrebsOnSecurity that a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts described the archive as one of the most egregious government data leaks in recent history.

Details of the Leak

• The repository, named “Private‑CISA,” contained a vast collection of internal CISA/DHS credentials and files, including cloud keys, tokens, plaintext passwords, logs, and other sensitive assets.

• Commit logs showed that the CISA administrator had disabled GitHub’s default setting that blocks users from publishing SSH keys or other secrets in public repositories.

• Excerpts from a security researcher’s email highlighted the poor security hygiene:

  “Passwords stored in plain text in a CSV, backups in Git, explicit commands to disable GitHub secrets detection feature.”

• The researcher, Guillaume Valadon of GitGuardian, flagged the repository after the owner failed to respond to outreach. Valadon described the incident as “the worst leak I’ve witnessed in my career,” noting that while it appears to be an individual mistake, it may also reveal broader internal practices.

Response from CISA

“Currently, there is no indication that any sensitive data was compromised as a result of this incident,” a CISA spokesperson wrote.
“While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences.”

Timeline and Aftermath

• The GitHub account was taken offline shortly after CISA was notified.

• According to security analyst Caturegli, the exposed AWS keys remained valid for an additional 48 hours.

• Caturegli speculated on the cause of the leak:

  “What I suspect happened is [the CISA contractor] was using this GitHub to synchronize files between a work laptop and a home computer, because he has regularly committed to this repo since November 2025.”

• The incident underscores the risks of improper secret management and the importance of automated detection tools in public code repositories.

Source: KrebsOnSecurity – CISA admin leaked AWS GovCloud keys on GitHub