CISA exposed plaintext passwords and cloud keys on GitHub for six months
CISA inadvertently exposed sensitive data on GitHub for six months. The repository contained plaintext passwords and AWS GovCloud keys, raising concerns about the agency's internal security. The exposure was discovered by GitGuardian, highlighting vulnerabilities in critical infrastructure protection.
- ▪CISA left admin credentials and AWS GovCloud keys in a public repository for six months.
- ▪The repository, named 'Private-CISA,' contained 844 MB of sensitive data.
- ▪GitGuardian discovered the exposed data on May 14, 2026.
Opening excerpt (first ~120 words) tap to expand
CISA exposed plaintext passwords and cloud keys on GitHub for six months The US federal cybersecurity agency, tasked with protecting critical infrastructure, left admin credentials and AWS GovCloud keys in a public repository that sat undetected for half a year. Share Add us on Google by Editorial Team May. 19, 2026 window.sevioads = window.sevioads || []; var sevioads_preferences = []; sevioads_preferences[0] = {}; sevioads_preferences[0].zone = "01f21ccf-2092-46b1-9ac7-8c44cc782e0f"; sevioads_preferences[0].adType = "native"; sevioads_preferences[0].inventoryId = "c5700508-581b-472c-8fdd-a931cdbfc8e1"; sevioads_preferences[0].accountId = "1e47efc1-ec2d-4fca-a8b9-354e249e5095"; sevioads.push(sevioads_preferences); A public repo maintained by a CISA contractor, ironically named…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Crypto Briefing.
Discussion
0 commentsMore from Crypto Briefing
