CISA left AWS GovCloud admin credentials, plaintext passwords, and tokens in a public GitHub repo named “Private-CISA” for roughly six months.
Key Takeaways
A Nightwing contractor apparently used GitHub to transfer files between work and home devices, exposing a file called importantAWStokens with credentials to three AWS GovCloud servers.
AWS-Workspace-Firefox-Passwords.csv contained plaintext usernames and passwords for dozens of internal CISA systems, including LZ-DSO (Landing Zone DevSecOps), the agency’s secure code development environment.
GitGuardian’s Guillaume Valadon, whose firm scans GitHub for exposed secrets professionally, called it “the worst leak that I’ve witnessed in my career.”
CISA’s statement claims no sensitive data was confirmed compromised but acknowledges the need for additional safeguards.
The repo was created in November 2024, which puts the exposure window at roughly six months before the credentials were remediated.
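Both files named above would have been caught by a scan of the working tree before anything was pushed. What follows is an added example, not code from the article, from CISA, Nightwing or GitGuardian: a small Python checker that flags AWS access key IDs (the AKIA and ASIA prefixes AWS uses for long-term and temporary keys), a 40-character secret sitting in the same file, and a Firefox password export recognised by its CSV header. The file contents are constructed samples; the key values are placeholders shaped like the real format (the secret is the one AWS's own documentation uses), and matching a Firefox export on its first three column names is an assumption of this example.

```python
"""Pre-push secret check. Added example; not the article's, CISA's, Nightwing's
or GitGuardian's code. Sample file contents below are constructed."""
import csv
import io
import re
import sys
from dataclasses import dataclass

# AWS access key IDs: 20 uppercase alphanumerics, prefix AKIA (long-term) or
# ASIA (temporary/STS). A secret access key is a 40-character run of
# base64-style characters; on its own that also matches any git commit hash,
# so it is only reported in a file that also contains a key ID.
AWS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
AWS_SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")

# First three column names of a Firefox password export CSV (assumption of
# this example: matching on these three is enough to identify the file).
FIREFOX_EXPORT_COLUMNS = ("url", "username", "password")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    detail: str


def mask(secret):
    """Keep only the ends so a report can be pasted into a ticket safely."""
    return secret[:4] + "..." + secret[-4:]


def firefox_export_rows(text):
    """Return the number of saved logins if text is a Firefox export, else None."""
    try:
        reader = csv.reader(io.StringIO(text))
        header = next(reader, None)
        if header is None:
            return None
        if tuple(h.strip().lower() for h in header[:3]) != FIREFOX_EXPORT_COLUMNS:
            return None
        return sum(1 for row in reader if len(row) > 2 and row[2])
    except csv.Error:
        return None


def scan_text(path, text):
    """Scan one file's text; returns a list of Finding in line order."""
    findings = []
    has_key_id = AWS_KEY_ID_RE.search(text) is not None
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in AWS_KEY_ID_RE.finditer(line):
            findings.append(Finding(path, lineno, "aws_access_key_id", mask(m.group())))
        if has_key_id:  # gate the noisy 40-char pattern on a key ID being present
            for m in AWS_SECRET_RE.finditer(line):
                findings.append(Finding(path, lineno, "aws_secret_access_key", mask(m.group())))
    logins = firefox_export_rows(text)
    if logins:
        findings.append(Finding(path, 1, "firefox_password_export", f"{logins} saved logins"))
    return findings


def scan_files(files):
    """files: mapping of path -> text content. Returns all findings."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


# Constructed samples shaped like the two files named in the article.
# Placeholder values only; the secret is the one AWS's own documentation uses.
SAMPLE_FILES = {
    "importantAWStokens": (
        "# constructed sample, not real credentials\n"
        "aws_access_key_id = AKIAEXAMPLE000000001\n"
        "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "session_key_id = ASIAEXAMPLE000000002\n"
    ),
    "AWS-Workspace-Firefox-Passwords.csv": (
        '"url","username","password","httpRealm","formActionOrigin","guid",'
        '"timeCreated","timePasswordChanged","timeLastUsed"\n'
        '"https://lz-dso.example.gov/","jdoe","correct-horse-battery","",'
        '"https://lz-dso.example.gov/","{00000000-0000-4000-8000-000000000001}",'
        '"1730000000000","1730000000000","1730000000000"\n'
        '"https://wiki.example.gov/","jdoe","hunter2","",'
        '"https://wiki.example.gov/","{00000000-0000-4000-8000-000000000002}",'
        '"1730000000000","1730000000000","1730000000000"\n'
    ),
    # A 40-hex commit hash looks like a secret, but with no key ID it stays quiet.
    "README.md": (
        "# Build notes\n"
        "Last deployed from commit 0123456789abcdef0123456789abcdef01234567.\n"
    ),
}


if __name__ == "__main__":
    results = scan_files(SAMPLE_FILES)
    for f in results:
        print(f"{f.path}:{f.line}: {f.kind} {f.detail}")
    sys.exit(1 if results else 0)
```

Run it from a pre-commit hook, or just before git push, over the files about to leave the machine; it exits nonzero on any finding. The 40-character secret pattern is consulted only in files that also contain a key ID, because a bare 40-character run also matches every git commit hash; the README sample shows that case staying quiet. A real deployment would hand the same job to a maintained scanner with a larger pattern set, but the gating idea is the same.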
Hacker News Comment Review
Discussion is thin and mostly sardonic; no technical post-mortems or security architecture debate surfaced.
The thread was flagged as a duplicate of an earlier Krebs-sourced submission, limiting comment accumulation.
Notable Comments
@ohyoutravel: “You can’t spell cisappointment without CISA.”