Logo
News Ababil
Explore
SYS_NODE: ONLINE // Cyber Security

CISA AWS GovCloud keys leak exposes massive government cloud credentials

DECRYPTED BY: Kaelen Frost | TIMESTAMP: 2026-05-21 T 20:42:06 Z | [ 2 MIN READ ]
CISA AWS GovCloud keys leak exposes massive government cloud credentials
2 Min Read
Share

In a startling breach, a contractor for the Cybersecurity and Infrastructure Security Agency (CISA) left a public GitHub repository brimming with AWS GovCloud credentials, marking what experts call the CISA AWS GovCloud keys leak. The repo, named “Private‑CISA,” housed admin tokens, plaintext passwords and deployment scripts, effectively handing outsiders a master key to the agency’s cloud environment.

How the leak unfolded

Security researcher Guillaume Valadon of GitGuardian flagged the repo after automated scans detected dozens of secrets. The contractor, an employee of Nightwing, a Dulles‑based government contractor, had disabled GitHub’s built‑in secret‑detection feature, allowing SSH keys and passwords to be committed publicly.

“Passwords stored in plain text in a CSV, backups in Git, explicit commands to disable GitHub secrets detection—this is the worst leak I’ve witnessed,” Valadon wrote.

The exposed files included importantAWStokens with admin access to three AWS GovCloud accounts, and a CSV listing usernames and passwords for internal systems such as the Landing Zone DevSecOps environment (LZ‑DSO). Security analyst Philippe Caturegli confirmed the keys remained active for ↓ 48 hours after the repo was taken down.

CISA AWS GovCloud keys leak: impact on agency operations

Caturegli demonstrated that the compromised credentials could authenticate to high‑privilege GovCloud resources and to CISA’s internal Artifactory, a repository of software packages that could serve as a persistent foothold for attackers. “That would be a prime place to move laterally,” he warned.

The agency, already operating with ↓ 33% fewer staff due to budget cuts and attrition, issued a brief statement acknowledging the incident and asserting no evidence of data misuse so far. CISA said it is tightening safeguards and conducting a full investigation.

For additional context on government cloud security, see Reuters and AP News.


Analysis by Kaelen Frost (Lead Cybersecurity Analyst).

Global Data Feed

More from this Intel

Scattered Spider hackers plead guilty on first day of trial, UK courts set sentencing

Scattered Spider hackers plead guilty on first day of trial,...

Jul 05, 2026
U.S. Government Pays Kairos Data Theft Ransom of $1 Million

U.S. Government Pays Kairos Data Theft Ransom of $1 Million

Jul 04, 2026
FBI Seizes NetNut Proxy Network Linked to Popa Botnet, Shutting Down Millions of Devices

FBI Seizes NetNut Proxy Network Linked to Popa Botnet, Shutting...

Jul 04, 2026
FatFs vulnerabilities expose millions of embedded devices to attack

FatFs vulnerabilities expose millions of embedded devices to attack

Jul 04, 2026
NetNut proxy network crippled: Google‑led strike cuts off 2 million devices

NetNut proxy network crippled: Google‑led strike cuts off 2 million devices

Jul 04, 2026
Australia’s Cybercrime Risk Declines, but SMBs Shoulder New Burden

Australia’s Cybercrime Risk Declines, but SMBs Shoulder New Burden

Jul 03, 2026

Join The Elite

Get the top 0.1% global intelligence and market insights delivered directly to your inbox before the masses.

We respect your privacy. No spam.