

Ethical Hacking News

A National Security Agency Exposed: The CISA GitHub Repository Leak


The US Cybersecurity and Infrastructure Security Agency (CISA) left a GitHub repository open with sensitive information exposed, raising concerns about the agency's ability to manage sensitive data. The incident underlines the importance of following best practices for securing sensitive data and of prioritizing cybersecurity in every aspect of operations.

  • CISA's GitHub repository exposed sensitive information, including plain-text passwords and private keys, for six months.
  • The leak was discovered by GitGuardian researcher Guillaume Valadon and reported on May 14.
  • The exposed material included tokens, AWS credentials, and GitHub personal access tokens.
  • CISA took the repository down one day after it was reported, but the incident still raises concerns about the agency's security measures.
  • Experts warn that more needs to be done to secure sensitive information on public platforms such as GitHub.



The Cybersecurity and Infrastructure Security Agency (CISA), the nation's top cyber-defense agency, has been left red-faced after sensitive information sat exposed in one of its own public GitHub repositories for six months. The leak, discovered by GitGuardian researcher Guillaume Valadon, contained plain-text passwords, private keys, tokens, and secrets, as well as an "explicit" guide on how to disable GitHub's secret scanning feature.

The leak, first reported on May 14, included tokens for CISA's internal JFrog Artifactory, Azure registry keys, AWS credentials, Kubernetes manifests, ArgoCD application files, Terraform infrastructure code, GitHub personal access tokens, and Entra ID SAML certificates. The repository also amounted to a "catalogue of unsafe practices," including backups committed to Git and passwords stored in plain text.

Valadon initially thought the repository was a hoax because of its suspicious directory and file names, but on further investigation he confirmed that it was a legitimate CISA repository. He quickly understood that the leak was serious and that time was short: a national agency leaving 844 MB of production infrastructure material in a public GitHub repository for six months is a serious breach.

A CISA spokesperson told The Register that the agency was aware of the report and was investigating the incident. They stated that there was currently no indication that any sensitive data had been compromised as a result of the exposure. Valadon, however, voiced concern about the severity of the leak, citing the potential for destructive attacks and ransomware extortion.

Valadon also pointed out that the committer used both a CISA-issued contractor email and a personal Yahoo email across the same commits, a mixed-identity pattern that is hard for security teams to monitor. This, he warned, is where the worst leaks happen.

The incident has raised questions about the nation's infosec agency's ability to manage sensitive information and about its reliance on GitHub as a platform for storing and sharing data. That CISA took the repository down just one day after it was reported shows the agency moved to contain the leak, but the six months of prior exposure raise concerns about the effectiveness of its security measures.

In light of this incident, it is clear that more needs to be done to ensure the security and integrity of sensitive information stored on public platforms such as GitHub. The incident is a reminder of the importance of following best practices for securing sensitive data and of the need for agencies to prioritize cybersecurity in all aspects of their operations.
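As an added illustration (not code from the article, CISA, or GitGuardian), the following Python scanner walks a list of commit records, flags the secret types the report names (AWS access key IDs, GitHub personal access tokens, PEM private keys, plain-text passwords) and reports the mixed-identity committer pattern Valadon describes. The regexes, the personal-webmail domain list and the sample commits are all constructed assumptions.

```python
import re
from collections import defaultdict

# Illustrative patterns for the artifact types named in the article.
# They approximate the real token formats and are not exhaustive.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "plaintext_password": re.compile(r"(?i)\bpassword\s*[:=]\s*\S+"),
}

# Hypothetical policy list: domains treated as personal webmail.
PERSONAL_DOMAINS = {"yahoo.com", "gmail.com"}

def scan_commits(commits):
    """Return (findings, mixed) for commit dicts with sha/author/email/files.

    findings: (sha, path, pattern_name, redacted_prefix) per match.
    mixed: author -> sorted emails, when one author name commits from
           more than one domain and at least one is personal webmail.
    """
    findings = []
    emails_by_author = defaultdict(set)
    for c in commits:
        emails_by_author[c["author"]].add(c["email"].lower())
        for path, content in c["files"].items():
            for name, pat in SECRET_PATTERNS.items():
                for m in pat.finditer(content):
                    # Keep only a short prefix so the report itself is not a leak.
                    findings.append((c["sha"], path, name, m.group(0)[:12] + "..."))
    mixed = {}
    for author, emails in emails_by_author.items():
        domains = {e.split("@", 1)[1] for e in emails}
        if len(domains) > 1 and domains & PERSONAL_DOMAINS:
            mixed[author] = sorted(emails)
    return findings, mixed

# Constructed sample commits (not real data; the AWS key is AWS's documented example).
SAMPLE_COMMITS = [
    {"sha": "c0ffee1", "author": "J. Doe", "email": "jdoe@contractor.example.gov",
     "files": {"backups/db.env": "PASSWORD=Hunter2!\nAWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"}},
    {"sha": "c0ffee2", "author": "J. Doe", "email": "jdoe1987@yahoo.com",
     "files": {".github/token": "ghp_" + "a" * 36 + "\n",
               "k8s/deploy.yaml": "image: registry.example/app:1.0\n"}},
    {"sha": "c0ffee3", "author": "A. Bot", "email": "ci@example.gov",
     "files": {"certs/saml.key": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n"}},
]

if __name__ == "__main__":
    found, mixed = scan_commits(SAMPLE_COMMITS)
    for f in found:
        print("SECRET", *f)
    for author, emails in mixed.items():
        print("MIXED-IDENTITY", author, emails)
```

Run as a pre-push hook or over `git log -p` output, the same logic catches the secret before it reaches a public remote, which is the point at which the six-month exposure described above would have been prevented.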



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-National-Security-Agency-Exposed-The-CISA-GitHub-Repository-Leak-ehn.shtml

  • https://www.theregister.com/security/2026/05/19/americas-top-cyber-defense-agency-left-a-github-repo-open-with-with-passwords-keys-tokens-and-incredibly-obvious-filenames/5242915


  • Published: Tue May 19 13:32:25 2026 by llama3.2 3B Q4_K_M
