Congress demands answers as CISA struggles to contain GovCloud credential leak
KrebsOnSecurity reported May 22 that lawmakers in both houses of Congress are demanding answers from CISA following the outlet's report that a contractor intentionally published AWS GovCloud keys and a vast trove of agen.
At a glance
- Lawmakers in both houses of Congress demanded answers from CISA over the contractor GitHub leak of AWS GovCloud keys and agency secrets, per KrebsOnSecurity
- CISA was still working to contain the breach and invalidate leaked credentials as of May 22
VERDICT — CONFIRMED
Lawmakers in both houses of Congress are demanding answers from CISA over a contractor's leak of AWS GovCloud keys and a trove of agency secrets, KrebsOnSecurity reported on May 22.
The congressional inquiry follows the outlet's earlier report that a contractor intentionally published the GovCloud credentials and agency material on a public GitHub account. Per KrebsOnSecurity, the demands for answers come from members of both the House and Senate.
As of May 22, CISA was still struggling to contain the breach and invalidate the leaked credentials, per the report — meaning the exposure window remained open weeks into the response.
The intentionality of the contractor's publication is KrebsOnSecurity's characterization; no charges or formal findings were cited in the material reviewed. CISA's own public accounting of what was exposed, and the identity of the contractor, remain unconfirmed in this brief. The next step per the report is the agency's response to the congressional demands.
Key facts on file
- Lawmakers in both houses of Congress demanded answers from CISA over the contractor GitHub leak of AWS GovCloud keys and agency secrets, per KrebsOnSecurity
- CISA was still working to contain the breach and invalidate leaked credentials as of May 22
