US cyber agency CISA exposed reams of passwords and cloud keys to the open web
The U.S. cybersecurity agency CISA faced a potential security issue when exposed credentials were found online. A researcher discovered sensitive information, including access tokens and cloud keys, in a publicly accessible GitHub repository. CISA has not confirmed whether any breaches occurred as a result of this exposure.
- ▪CISA's exposed credentials were linked to its internal systems and the Department of Homeland Security.
- ▪The credentials were made publicly accessible by an employee of a CISA contractor.
- ▪CISA has been without a permanent director since January 2025 and has lost a significant portion of its workforce.
Opening excerpt (first ~120 words) tap to expand
U.S. cybersecurity agency CISA may have escaped a sizable security breach, thanks to a good-faith security researcher who identified publicly exposed credentials that allowed access to government cloud and internal agency systems. As first reported by independent security reporter Brian Krebs, GitGuardian security researcher Guillaume Valadon found reams of exposed plaintext credentials listed in spreadsheets, which had been made publicly accessible in a GitHub repository by an employee working for a CISA contractor. Valadon told Krebs that the exposed credentials were used for accessing systems belonging to CISA and its parent agency, the Department of Homeland Security. Valadon said the credentials included access tokens, cloud keys, and other sensitive files.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at TechCrunch.
Discussion
0 commentsMore from TechCrunch
