{"id":248803,"date":"2026-05-18T17:02:00","date_gmt":"2026-05-18T21:02:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/cisa-admin-leaked-aws-govcloud-keys-on-github-krebs-on-security\/"},"modified":"2026-05-18T17:15:12","modified_gmt":"2026-05-18T21:15:12","slug":"cisa-admin-leaked-aws-govcloud-keys-on-github-krebs-on-security","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/cisa-admin-leaked-aws-govcloud-keys-on-github-krebs-on-security\/","title":{"rendered":"CISA Admin Leaked AWS GovCloud Keys on Github \u2013 Krebs on Security"},"content":{"rendered":"<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/05\/cisa-admin-leaked-aws-govcloud-keys-on-github\/\">CISA Admin Leaked AWS GovCloud Keys on Github \u2013 Krebs on Security<\/a><\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/05\/cisa-admin-leaked-aws-govcloud-keys-on-github\/\">https:\/\/krebsonsecurity.com\/2026\/05\/cisa-admin-leaked-aws-govcloud-keys-on-github\/<\/a><\/p>\n<p>Publish Date: 2026-05-18 17:02:00<\/p>\n<p>Source Domain: <a href=\"krebsonsecurity.com\">krebsonsecurity.com<\/a><\/p>\n<p>Until this past weekend, a contractor for the <strong>Cybersecurity &#038; Infrastructure Security Agency<\/strong> (CISA) maintained a public <strong>GitHub<\/strong> repository that exposed credentials to several highly privileged <strong>AWS GovCloud<\/strong> accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.<\/p>\n<p>On May 15, KrebsOnSecurity heard from <strong>Guillaume Valadon<\/strong>, a researcher with the security firm <strong>GitGuardian<\/strong>. 
Valadon\u2019s company\u00a0constantly scans public code repositories at GitHub and elsewhere for exposed secrets, automatically alerting the offending accounts of any apparent sensitive data exposures. Valadon said he reached out because the owner in this case wasn\u2019t responding and the information exposed was highly sensitive.<\/p>\n<p id=\"caption-attachment-73614\" class=\"wp-caption-text\">A redacted screenshot of the now-defunct \u201cPrivate CISA\u201d repository maintained by a CISA contractor.<\/p>\n<p>The GitHub repository that Valadon flagged was named \u201c<strong>Private-CISA<\/strong>,\u201d and it harbored a vast number of internal CISA\/DHS credentials and files, including cloud keys, tokens, plaintext passwords, logs and other sensitive CISA assets.<\/p>\n<p>Valadon said the exposed CISA credentials represent a textbook example of poor security hygiene, noting that the commit logs in the offending GitHub account show that the CISA administrator disabled the default setting in GitHub that blocks users from publishing SSH keys or other secrets in public code repositories.<\/p>\n<p>\u201cPasswords stored in plain text in a csv, backups in git, explicit commands to disable GitHub secrets detection feature,\u201d Valadon wrote in an email. \u201cI honestly believed that it was all fake before analyzing the content deeper. This is indeed the worst leak that I\u2019ve witnessed in my career. 
It is obviously an individual\u2019s mistake, but I believe that it might reveal internal practices.\u201d<\/p>\n<p>One of the exposed&#8230;<\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/05\/cisa-admin-leaked-aws-govcloud-keys-on-github\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA Admin Leaked AWS GovCloud Keys on Github \u2013 Krebs on Security https:\/\/krebsonsecurity.com\/2026\/05\/cisa-admin-leaked-aws-govcloud-keys-on-github\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":248805,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/05\/privatecisa.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-248803","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248803"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=248803"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248803\/revisions"}],"predecessor-version":[{"id":248806,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248803\/revisions\/248806"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/248805"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=248803"}],"wp:term":[{"taxonomy":"cat
egory","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=248803"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=248803"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}