A CISA contractor maintained a now-offline GitHub repo that exposed credentials to AWS GovCloud accounts and CISA systems; CISA is investigating the situation
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository …
Krebs on Security Brian Krebs
Related Coverage
- CISA Admin Exposes AWS GovCloud Credentials on Public GitHub Repository Cyber Security News · Abinaya
- 'The Worst Leak That I've Witnessed': U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub Gizmodo · Mike Pearl
- New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub — Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. … @briankrebs@infosec.exchange · BrianKrebs
- when you select candidates for loyalty to the regime rather than competence, you don't get the best people — https://krebsonsecurity.com/ ... @ariadne@social.treehouse.systems
- CISA Admin Leaked AWS GovCloud Keys on Github Lobsters
- U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub Hacker News
- US cyber agency CISA exposed reams of passwords and cloud keys to the open web TechCrunch · Zack Whittaker
- CISA contractor apparently leaked ‘highly sensitive’ government AWS keys on Github TechRadar · Sead Fadilpašić
- CISA GitHub Leak Exposed GovCloud Keys for Months WinBuzzer · Markus Kasanmascheff
- RE: https://infosec.exchange/... I could make jokes. — I could poke fun. — But here's the thing. — This shit is hard. The best of us make mistakes constantly, so what hope does the average org have? — We have been telling people to “just patch your system” and “store your secrets carefully” for 30 years and we still come to this point daily. … @petrillic@hachyderm.io · Chris Petrilli
- CISA exposed plaintext passwords and cloud keys on GitHub for six months Crypto Briefing
- CISA Admin Leaked AWS GovCloud Keys On Github Slashdot · BeauHD
- Exclusive: Senator requests classified briefing on CISA credentials leak Axios · Sam Sabin
- In stunning display of stupid, secret CISA credentials found in public GitHub repo Ars Technica · Lee Hutchinson
- America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens - and incredibly obvious filenames The Register
- Warning: Anthropic's Mythos Can Break Software It's Trying To Fix Forbes · Thomas Brewster
Discussion
-
@gregdelawie
Ambassador Greg Delawie
on bluesky
No shock that a contractor for Trump's CISA left a bunch of plaintext passwords available for the world to see. The incompetence of this regime is astounding. krebsonsecurity.com/2026/05/ cisa...
-
@numb.comfortab.ly
@numb.comfortab.ly
on bluesky
There are fuck-ups, and then there's this krebsonsecurity.com/2026/05/ cisa...
-
r/fednews
r
on reddit
CISA Admin Leaked AWS GovCloud Keys on Github
-
r/technology
r
on reddit
CISA Admin Leaked AWS GovCloud Keys on Github
-
r/cybersecurity
r
on reddit
CISA Contractor Admin Leaked AWS GovCloud Keys on Github
-
r/pwnhub
r
on reddit
CISA Admin Leaked AWS GovCloud Keys on Github
-
@esqueer.net
Alejandra Caraballo
on bluesky
They left out admin keys for govcloud accounts for 6 months in a public github repo in a file called importantAWStokens. Any script kiddie could have compromised critical government systems with that. Who knows how many state actors did so. — gizmodo.com/the-worst-le...
-
@dangillmor@mastodon.social
Dan Gillmor
on mastodon
The Trump regime destroyed federal cyber-security and then tried to rebuild it with idiots, and one result is this breathtakingly bad data leak of things that you definitely don't want the bad guys to know about. — Security journalist Brian Krebs has the grim details: — https…
-
r/tech
r
on reddit
'The Worst Leak That I've Witnessed': U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub
-
r/technology
r
on reddit
'The Worst Leak That I've Witnessed': U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub
-
r/InterstellarKinetics
r
on reddit
BREAKING: A U.S. Cybersecurity Agency Contractor Exposed AWS GovCloud Credentials and Plaintext Passwords on Public a GitHub Repository …
-
r/TrueAnon
r
on reddit
CISA Admin Leaked AWS GovCloud Keys on Github
-
r/Intelligence
r
on reddit
'The Worst Leak That I've Witnessed': U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub
-
r/hacking
r
on reddit
CISA Admin Leaked AWS GovCloud Keys on Github
-
r/Foodforthought
r
on reddit
'The Worst Leak That I've Witnessed': U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub