CISA Admin Leaked AWS GovCloud Keys on Github
A contractor for CISA accidentally exposed sensitive AWS GovCloud credentials on a public GitHub repository. Security experts have labeled this incident as one of the most significant government data leaks in recent history. CISA is currently investigating the situation but claims there is no indication that any sensitive data was compromised.
- ▪The GitHub repository named 'Private-CISA' contained internal CISA credentials and files, including cloud keys and plaintext passwords.
- ▪Security researcher Guillaume Valadon alerted CISA about the exposure after failing to get a response from the repository owner.
- ▪The exposed credentials could authenticate to three AWS GovCloud accounts at a high privilege level.
Opening excerpt (first ~120 words) tap to expand
May 18, 2026 5 Comments Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history. On May 15, KrebsOnSecurity heard from Guillaume Valadon, a researcher with the security firm GitGuardian. Valadon’s company constantly scans public code repositories at GitHub and elsewhere for exposed secrets, automatically alerting the offending accounts of any apparent sensitive data exposures.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Krebsonsecurity.
Discussion
0 commentsMore from Krebsonsecurity
