CISA Admin Leaked AWS GovCloud Keys on GitHub Repository
Original: CISA accidentally leaked their own keys on GitHub
Why This Matters
Massive government security breach exposes critical infrastructure agency's cloud credentials
A CISA contractor exposed highly privileged AWS GovCloud credentials and internal system passwords in a public GitHub repository called 'Private-CISA' until May 15, 2026. Security researchers discovered plaintext passwords, cloud tokens, and access to critical CISA infrastructure in what experts call one of the worst government data leaks in recent history.
GitGuardian researcher Guillaume Valadon discovered the public GitHub repository containing CISA's sensitive credentials after the contractor failed to respond to alerts. The exposed data included administrative credentials to three AWS GovCloud servers in a file named 'importantAWStokens' and dozens of plaintext usernames and passwords for internal CISA systems in 'AWS-Workspace-Firefox-Passwords.csv'. Security consultant Philippe Caturegli confirmed the credentials provided high-privilege access to CISA's Landing Zone DevSecOps environment and internal artifactory systems. The contractor had deliberately disabled GitHub's default security feature that blocks publication of SSH keys and secrets. The repository appeared to be used as a working scratchpad rather than a curated project, with both CISA and personal email addresses associated with commits.