CISA Leaks Secret Credentials in a Public Github Repo

Brian Krebs reported that a public GitHub repository with sensitive internal CISA credentials "including cloud keys, tokens, plaintext passwords, logs and other sensitive CISA assets."


This is a companion discussion topic for the original entry at https://www.privacyguides.org/news/2026/05/26/cisa-leaks-secret-credentials-in-a-public-github-repo/
3 Likes

Don’t worry, it’s 5D chess by the agency to raise awareness about securing your tokens.

_

_

_

_

_

If you don’t agree

I am afraid you have TDS, we can’t keep winning. We fired 1/3 of the agency and we only have a few more leaks! Worth it!

Thank you for your attention to this matter

4 Likes

Here’s a relevant video I found:

1 Like

https://cybernews.com/security/cisa-major-github-data-leak-lessons/

Key takeaways:

A contractor exposed sensitive internal CISA data, including credentials and infrastructure code, on a public GitHub repository, and the incident was brought to light by an investigative journalist.

CISA says it is reinforcing its security posture by implementing stricter control over public repositories and enhanced secret monitoring.

The agency shares lessons for organizations to strengthen their defenses

1 Like

This is peak satire and I applaud you for it. It is funny and informative.

As an additional wrinkle to this story, it is important to clarify that the GitHub repo exposing all this data was not owned or operated by CISA but instead by a contractor. No not a company contracted with CISA, but an individual’s personal account.

So the failure is on CISA allowing this data to be exported, undetected, by a careless individual contractor. Rather than CISA failing to secure a Repo.

5 Likes