Feeds.Feedburner
CISA Contractor Exposes Sensitive AWS Credentials on Public GitHub
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A contractor for the U.S. Cybersecurity and Infrastructure Security Agency (CISA) left a public GitHub repository named 'Private-CISA' exposed for six months, containing sensitive credentials including AWS GovCloud access keys and internal CISA system passwords. Discovered by GitGuardian researcher Guillaume Valadon on May 14, 2026, the repository included files such as 'importantAWStokens' and 'AWS-Workspace-Firefox-Passwords.csv', which detailed access to critical infrastructure. The repository was created on November 13, 2025, and remained accessible until it was taken down on May 15, 2026, after Valadon alerted CISA. Despite the quick response, some credentials remained valid for an additional 48 hours, raising concerns about potential exploitation. CISA has stated there is currently no evidence that sensitive data was compromised as a result of the incident. The leak highlights significant lapses in security practices, especially given CISA's role in advising on cybersecurity.
Key Points: • A public GitHub repository exposed sensitive AWS GovCloud credentials for six months. • The repository contained plaintext passwords and access tokens for multiple internal CISA systems. • CISA has confirmed no evidence of data compromise, but some credentials remained valid for 48 hours post-disclosure.