CISA Spilled Cloud Keys on GitHub — Then Said No Harm

A CISA contractor exposed passwords, tokens and AWS GovCloud keys on GitHub. The agency says it sees no sign sensitive data was compromised.

Key takeaways

• On May 15, a GitGuardian researcher escalated a warning that should never have existed: CISA-linked passwords, cloud keys, and access tokens were sitting in a ...
• The exposure was first reported by independent security journalist Brian Krebs and later covered by TechCrunch, which said the exposed material included credential...
• May 15: GitGuardian flags a public repo called “Private-CISA”
• Guillaume Valadon, a security researcher at GitGuardian, found the exposed secrets in spreadsheets and other files made publicly accessible in a GitHub reposit...

👉 Read the full breakdown on MLXIO

Canonical source: https://mlxio.com/cybersecurity/cisa-github-cloud-key-leak