A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) publicly exposed highly privileged AWS GovCloud credentials and numerous internal system passwords on a GitHub repository named “Private-CISA,” representing one of the most severe government data leaks in recent history. The exposed files contained plaintext passwords, cloud keys, and sensitive configuration details, posing significant risks for unauthorized access and lateral movement within CISA systems. CISA is investigating the incident, stating no current evidence of data compromise, while security experts condemned the poor security practices involved, which may reflect broader internal issues.
https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

