• CISA contractor apparently leaked 'highly sensitive' government A

    From TechnologyDaily@1337:1/100 to All on Tuesday, May 19, 2026 16:30:26
    CISA contractor apparently leaked 'highly sensitive' government AWS keys on Github

    Date:
    Tue, 19 May 2026 15:20:00 +0000

    Description:
    The leak was so bad, researchers initially thought it was a joke.

    FULL STORY ======================================================================

    - A public GitHub repository called PrivateCISA exposed highly sensitive internal credentials and systems used by the US Cybersecurity and Infrastructure Security Agency
    - Security researchers confirmed the authenticity of the leak, describing it as one of the worst government data exposures they had ever seen
    - The repository, maintained by contractor Nightwing, was eventually locked down, with CISA pledging safeguards to prevent future incidents

    Researchers have revealed details of what they called one of the most egregious government data leaks in recent history, involving some potentially incredibly sensitive US government information.

    Security researcher Guillaume Valadon reached out to KrebsOnSecurity for help contacting the person in charge of a public GitHub repository. This person, who was not responding to messages, was operating a GitHub repository called Private-CISA which contained, among other things:

    - AWS GovCloud administrative credentials for three accounts
    - AWS access keys
    - AWS tokens (including importantAWStokens file)
    - Plaintext usernames and passwords for internal CISA systems
    - AWS-Workspace-Firefox-Passwords.csv containing login credentials
    - Credentials for internal system LZ-DSO (Landing Zone DevSecOps)
    - Internal CISA/DHS system authentication credentials
    - Credentials for internal Artifactory (software repository)
    - SSH keys exposed in a public repository

    "The worst leak in my career"

    Valadon said the archive detailed how CISA builds and deploys software internally and that, in general, it is "the worst leak that I've witnessed in my career."

    In a letter shared with KrebsOnSecurity, Valadon said he first thought the entire database was fake, given the sensitivity of the files found inside. "It is obviously an individual's mistake, but I believe that it might reveal internal practices," he said.

    Multiple security researchers confirmed the authenticity of the leak and said that at least some of the credentials found inside worked. They managed to get the repository locked down after getting in touch with the US Cybersecurity and Infrastructure Security Agency (CISA), which confirmed it was looking into the matter:

    "Currently, there is no indication that any sensitive data was compromised as a result of this incident," the CISA spokesperson allegedly wrote. "While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences."

    The researchers later established that the repository was maintained by a government contractor called Nightwing, which declined to comment and directed all inquiries to CISA. It is unknown how long the repository remained open, but it was created in mid-November 2025, and chances are it had been unlocked since inception.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cisa-contractor-apparently-leaked-highly-sensitive-government-aws-keys-on-github


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)