Lawmakers demand answers after a CISA contractor intentionally exposed AWS GovCloud keys and other secrets on a public GitHub repository, raising concerns about the agency's security culture amid staffing disruptions.
A public GitHub repository named 'Private-CISA' exposed plaintext passwords, SSH keys, and tokens belonging to CISA, allowing high-privilege access to AWS GovCloud accounts. The breach was discovered by GitGuardian and reported by Brian Krebs, following a previous incident where the acting CISA director leaked government documents via ChatGPT.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) exposed its cloud storage credentials in plain text on a public GitHub repository named 'Private-CISA' for about six months, until the leak was fixed over the weekend. No evidence of compromise has been found, but the incident underscores ongoing turmoil within the agency.
A CISA contractor leaked highly privileged AWS GovCloud credentials and internal system passwords on a public GitHub repository, representing one of the most egregious government data leaks in recent history.