CISA contractor exposed AWS GovCloud keys and internal agency systems in public GitHub repository
KrebsOnSecurity reported May 18 that a contractor for CISA maintained, until the preceding weekend, a public GitHub repository exposing credentials to several highly privileged AWS GovCloud accounts and a large number of.
At a glance
- A CISA contractor's public GitHub repository exposed credentials to highly privileged AWS GovCloud accounts and numerous internal CISA systems, per KrebsOnSecurity
- Exposed files detailed CISA's internal software build, test and deployment processes
VERDICT — CONFIRMED
KrebsOnSecurity reported May 18 that a contractor for CISA maintained, until the preceding weekend, a public GitHub repository exposing credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Per the report, the archive included files detailing how CISA builds, tests and deploys software internally. Security experts quoted by Krebs called it one of the most egregious government data leaks in recent history.
Key facts on file
- A CISA contractor's public GitHub repository exposed credentials to highly privileged AWS GovCloud accounts and numerous internal CISA systems, per KrebsOnSecurity
- Exposed files detailed CISA's internal software build, test and deployment processes


