Trending

    CISA Exposes Sensitive Credentials on GitHub for Six Months

    Section editor: ·Moderate5 articles covering this·5 news sources·Updated 2 months ago·World
    Share:
    Illustration of CISA's sensitive credentials leak on GitHub

    Here's what it means for you.

    This incident raises critical concerns about the security practices of government agencies and their handling of sensitive information.

    What happened

    The Cybersecurity and Infrastructure Security Agency (CISA) leaked sensitive credentials on GitHub for six months, including plaintext passwords and AWS keys.

    The Context

    • The exposed data included SSH keys and plaintext passwords.
    • The leak was discovered in May 2026 but had been active since November 2025.
    • Researchers initially thought the severity of the leak was a joke.

    Takeaway

    This incident underscores the urgent need for improved security protocols in managing sensitive data.

    5 Articles
    Ars Technica — All

    In stunning display of stupid, secret CISA credentials found in public GitHub repo

    Sensitive credentials belonging to the Cybersecurity and Infrastructure Security Agency (CISA) were discovered publicly available on GitHub, including SSH keys and plaintext passwords, raising significant security concerns. These credentials had been...

    2 months ago
    Read Full Article
    Ars Technica

    In stunning display of stupid, secret CISA credentials found in public GitHub repo

    Sensitive credentials belonging to the Cybersecurity and Infrastructure Security Agency (CISA) were discovered publicly available on GitHub, including SSH keys and plaintext passwords, raising significant security concerns. These credentials had been...

    2 months ago
    Read Full Article
    Crypto Briefing

    CISA exposed plaintext passwords and cloud keys on GitHub for six months

    The Cybersecurity and Infrastructure Security Agency (CISA) has revealed that it inadvertently exposed plaintext passwords and cloud keys on GitHub for a duration of six months, raising significant concerns about security practices in managing sensit...

    2 months ago
    Read Full Article
    TechRadar

    CISA contractor apparently leaked 'highly sensitive' government AWS keys on Github

    A contractor for the Cybersecurity and Infrastructure Security Agency (CISA) reportedly leaked highly sensitive AWS keys on GitHub, leading to initial disbelief among researchers who thought the incident was a joke. This breach raises significant con...

    2 months ago
    Read Full Article
    TechCrunch

    US cyber agency CISA exposed reams of passwords and cloud keys to the open web

    The Cybersecurity and Infrastructure Security Agency (CISA) has come under scrutiny after a report revealed that it inadvertently exposed plaintext passwords and cloud keys in a spreadsheet uploaded to a public GitHub repository, as reported by journ...

    2 months ago
    Read Full Article
    Hacker News

    CISA Admin Leaked AWS GovCloud Keys on GitHub

    A contractor for the Cybersecurity and Infrastructure Security Agency (CISA) has leaked highly sensitive AWS GovCloud keys on GitHub, raising serious security concerns. The incident, which was initially met with disbelief, highlights significant laps...

    2 months ago
    Read Full Article