We Got a CISA GitHub Leak Taken Down in Under a Day
A significant leak of CISA credentials was discovered in a public GitHub repository named Private-CISA. The repository contained sensitive information, including plain-text passwords and AWS tokens, and was taken down by CISA within 26 hours of detection. This incident highlights the risks associated with public repositories and the importance of secure practices in managing sensitive data.
- ▪GitGuardian found a public GitHub repository called Private-CISA on May 14, 2026, containing 844 MB of sensitive data.
- ▪The repository included plain-text passwords, AWS tokens, and internal documentation backups, exposing CISA's operational practices.
- ▪CISA took the repository offline within 26 hours after being notified of the leak.
Opening excerpt (first ~120 words) tap to expand
Security Research How We Got a CISA GitHub Leak Taken Down in Under a Day On May 14, GitGuardian found a public GitHub repository called "Private-CISA" — 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to CISA, exposed since November 2025. Some credentials were still valid. CISA pulled it offline within 26 hours. Guillaume Valadon Guillaume is a Cybersecurity Researcher at GitGuardian. He holds a PhD in networking. He likes looking at data and crafting packets. He co-maintains Scapy. And he still remembers what AT+MS=V34 means! More posts by Guillaume Valadon. Guillaume Valadon 19 May 2026 • 2 min read Follow us on Table of contents On May 14, 2026, GitGuardian found what looked like leaked CISA secrets in a public GitHub repository named Private-CISA.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitGuardian Blog - Take Control of Your Secrets Security.