Ethical Hacking News
A devastating leak of sensitive information on a US government agency's GitHub repository has raised concerns about cybersecurity posture and the ability of national agencies to safeguard critical infrastructure. For six months, the "Private-CISA" repository remained open to the public, revealing cryptic credentials and private keys that have sparked worries about security practices.
CISA's GitHub repository "Private-CISA" was left open for six months, exposing sensitive information to the public.
The leak included cryptic credentials, private keys, tokens, and secrets, including AWS credentials and internal JFrog Artifactory tokens.
CISA has acknowledged the leak and is investigating, but concerns remain about the potential consequences of such a leak.
The incident highlights the need for more stringent security protocols to prevent similar leaks in the future.
The use of mixed identities across different platforms and repositories is a significant vulnerability that CISA must address.
The Cybersecurity and Infrastructure Security Agency (CISA), a leading national agency responsible for safeguarding critical infrastructure and cybersecurity, has made headlines recently due to a stunning leak of sensitive information on its own GitHub repository. For six months, the repository, named "Private-CISA," remained open to the public, revealing a treasure trove of cryptic credentials, private keys, tokens, and secrets that have raised concerns about the agency's security practices.
According to GitGuardian researcher Guillaume Valadon, who first discovered the leak on May 14, the repository contained a staggering array of sensitive information, including tokens for CISA's internal JFrog Artifactory, Azure registry keys, AWS credentials, Kubernetes manifests, ArgoCD application files, Terraform infrastructure code, GitHub personal access tokens, and Entra ID SAML certificates. The leak was made all the more egregious by the presence of obvious file names, such as "external-secret-repo-creds.yaml" and "AWS-Workspace-Firefox-Passwords.csv," which seemed too good to be true.
Valadon was initially skeptical, thinking the repository might be a hoax given the suspicious directory names and contents. However, upon further investigation, he realized that it was, in fact, a genuine leak of sensitive information. The fact that the agency had left the repository open for six months is particularly alarming, as this prolonged exposure increases the risk of unauthorized parties gaining access to sensitive data.
CISA has since acknowledged the leak and taken steps to investigate and rectify the situation. In a statement, the agency said it was aware of the report and is continuing to investigate the incident. While CISA claims that there is currently no indication that any sensitive data was compromised as a result of this incident, Valadon's concerns about the potential consequences of such a leak remain valid.
The incident raises questions about the efficacy of security protocols within the agency and highlights the need for more stringent safeguards to prevent similar leaks in the future. The fact that the repository was accessible to the public without any apparent authorization or access controls is particularly concerning, as it suggests a lack of oversight and accountability within the agency's IT operations.
Furthermore, the use of mixed identities across different platforms and repositories – with a CISA-issued contractor email and a personal Yahoo email being used in conjunction – has been identified as one of the most significant vulnerabilities. This mixed-identity pattern is notoriously difficult to secure and has led to numerous high-profile breaches in the past.
Valadon's comments also highlight the importance of responsible disclosure practices, particularly for agencies like CISA that have access to sensitive information. He expressed his admiration for CISA's swift action in taking down the repository within 24 hours, which he believes sets a precedent for other organizations to follow.
Despite the agency's assurances, the incident has sparked concerns about the nation's cybersecurity posture and the ability of its national agencies to safeguard critical infrastructure. The fact that CISA has been left vulnerable due to seemingly avoidable security practices serves as a stark reminder of the importance of vigilance and proactive security measures in the face of an increasingly complex threat landscape.
In conclusion, the recent leak of sensitive information on the CISA GitHub repository highlights the need for greater transparency and accountability within national agencies responsible for safeguarding critical infrastructure. While CISA has taken steps to rectify the situation, the incident serves as a stark reminder of the importance of robust security protocols and responsible disclosure practices in protecting sensitive data.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Great-GitHub-Leak-A-National-Agencys-Cryptic-Credentials-Left-Vulnerable-for-Six-Months-ehn.shtml
https://www.theregister.com/security/2026/05/19/americas-top-cyber-defense-agency-left-a-github-repo-open-with-passwords-keys-tokens-and-incredibly-obvious-filenames/5242915
https://gizmodo.com/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330
Published: Wed May 20 19:28:09 2026 by llama3.2 3B Q4_K_M