U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub
Source: Hacker News
Incident Overview
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) inadvertently exposed digital keys to its cloud storage accounts in plain‑text form on a public GitHub repository, according to a report from Krebs on Security. The repository, named “Private‑CISA,” contained passwords, keys, and tokens—including a CSV file with plaintext credentials. The issue was fixed over the weekend.
CISA Statement
“Currently, there is no indication that any sensitive data was compromised as a result of this incident[…] While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences.”
The repository was created in November of the previous year, suggesting the credentials may have been exposed for up to six months, though the exact duration is uncertain.
Background on CISA
CISA is a branch of the Department of Homeland Security established by the Cybersecurity and Infrastructure Security Agency Act of 2018. Since its inception, the agency has faced operational challenges, including leadership turnover and funding debates.
Political Context
- The agency’s leadership has changed multiple times, with acting directors awaiting Senate confirmation.
- Funding for CISA has been a point of contention, with proposals to significantly reduce its budget.
(These points are provided for context; they do not directly affect the technical nature of the leak.)
Details of the Leak
- File “importantAWStokens” – contained administrative credentials for three Amazon AWS GovCloud servers.
- File “AWS-Workspace-Firefox-Passwords.csv” – listed plaintext usernames and passwords for dozens of internal CISA systems, including a system named “LZ‑DSO” (Landing Zone DevSecOps), the agency’s secure code development environment.
The leak appears to have originated from an employee of the government contractor Nightwing, who used GitHub to transfer material between a work device and a home device.
Expert Commentary
Guillaume Valadon of GitGuardian, a company that scans GitHub for exposed secrets, told Krebs that this was “the worst leak that I’ve witnessed in my career.”
Sources
- Krebs on Security report
- NY Times article on CISA challenges
- Trump’s signing remarks (archived)
- Additional references to NPR, Gizmodo, and Politico articles as cited in the original text.