US cyber agency CISA exposed reams of passwords and cloud keys to the open web
Source: TechCrunch
Incident Overview
U.S. cybersecurity agency CISA may have avoided a sizable security breach thanks to a good-faith security researcher who identified publicly exposed credentials that allowed access to government cloud and internal agency systems.
Discovery
Independent security reporter Brian Krebs reported that GitGuardian researcher Guillaume Valadon found reams of exposed plaintext credentials listed in spreadsheets that had been made publicly accessible in a GitHub repository by an employee of a CISA contractor.
Exposed Credentials
The exposed material included:
- Access tokens
- Cloud keys
- Other sensitive files
Valadon told Krebs that the credentials could be used to access systems belonging to CISA and its parent agency, the Department of Homeland Security. He tested some of the keys to confirm they were valid and then reported the lapse to Krebs after the CISA contractor who maintained the GitHub environment failed to respond to alerts.
Agency Response
- When contacted by TechCrunch, a CISA spokesperson did not immediately comment or confirm whether the agency has evidence of a breach stemming from the exposure.
- TechCrunch inquired whether CISA has revoked and replaced the exposed credentials; a response was not provided at the time of reporting.
Context
- The lapse is especially embarrassing for CISA, which is responsible for cybersecurity across the civilian federal network and advises on best practices such as storing passwords in secured password managers rather than unprotected spreadsheets.
- Although the incident traces back to an employee of a CISA contractor, the agency remains ultimately responsible for the security of its own network and systems, including those managed by contractors.
- CISA has been without a permanent director since January 20, 2025, when then-director Jen Easterly stepped down ahead of the incoming Trump administration.
- The agency has also lost about a third of its workforce due to cuts, furloughs, and layoffs since Trump took office, as reported by NextGov.
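A defender-side check for the failure mode this report describes (plaintext credentials kept in spreadsheets and pushed to a repository) and for the best practice CISA itself advises (credentials belong in a password manager, not a sheet), as an added example that is not code from CISA, GitGuardian or TechCrunch: it scans a CSV export for known key-ID prefixes and for high-entropy values in credential-named columns, so such a file can be rejected in a pre-commit hook or CI job before it becomes public. The header words, token prefixes and sample rows are assumptions constructed for illustration.

```python
import csv
import io
import math
import re

# Header words that suggest a column holds a credential (assumption for this example).
SENSITIVE_HEADERS = re.compile(r"password|passwd|secret|token|api[_ ]?key|access[_ ]?key", re.I)

# Public key-ID formats with fixed prefixes: AWS access key IDs and GitHub personal tokens.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[0-9A-Za-z]{36}\b"),
}

def shannon_entropy(s: str) -> float:
    """Bits per character; generated secrets score higher than words or hostnames."""
    if not s:
        return 0.0
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan_csv(text: str, entropy_threshold: float = 3.5, min_len: int = 20):
    """Return (row_number, column_name, finding_kind) for each cell that looks like a secret."""
    findings = []
    for row_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):  # row 1 = header
        for col, value in row.items():
            value = (value or "").strip()
            kind = next((k for k, pat in PATTERNS.items() if pat.search(value)), None)
            # Fall back to entropy only in credential-named columns, so IDs and URLs
            # elsewhere in the sheet do not flood the report.
            if kind is None and SENSITIVE_HEADERS.search(col or "") \
                    and len(value) >= min_len and shannon_entropy(value) >= entropy_threshold:
                kind = "high_entropy_secret"
            if kind:
                findings.append((row_no, col, kind))
    return findings

# Constructed sample export: every value here is made up and matches no real account.
SAMPLE_CSV = """system,owner,username,password,notes
cloud-account,ops,svc-deploy,AKIAEXAMPLE000000000,rotate quarterly
git-host,ops,bot,ghp_0123456789abcdefABCDEF0123456789abcd,ci token
intranet-wiki,it,jdoe,Summer2024!,short and weak
db-backup,it,backup,xK9#pQ2vL7mR4tW8yZ3bN6cF1hJ5,generated by tool
"""

if __name__ == "__main__":
    for row_no, col, kind in scan_csv(SAMPLE_CSV):
        print(f"row {row_no}, column {col!r}: {kind}")
```

A non-empty result should fail the hook or pipeline; the short weak password on row 4 is deliberately not flagged, which is why a scanner like this complements, rather than replaces, moving credentials into a managed secret store.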