1. Forum
  2. Fidonet
  3. CONSPRCY

  • CISA contractor leaks AWS keys

    From Mike Powell@1:2320/105 to All on Wed May 20 09:49:50 2026
    So, are they really this incompetent, or are they doing it on purpose?

    CISA contractor apparently leaked 'highly sensitive' government AWS keys on Github

    Date:
    Tue, 19 May 2026 15:20:00 +0000

    Description:
    The leak was so bad, researchers initially thought it was a joke.

    FULL STORY
    Researchers have revealed
    details on what they called, one of the most egregious government data leaks in recent history involving some potentially incredibly sensitive US government information.

    Security researcher Guillaume Valadon reached out to KrebsOnSecurity to help contact a person in charge of a public GitHub repository. This person, who
    was not responding to messages, was operating a GitHub repository called Private-CISA which contained, among other things:

    AWS GovCloud administrative credentials for three accounts
    AWS access keys
    AWS tokens (including importantAWStokens file)
    Plaintext usernames and passwords for internal CISA systems AWS-Workspace-Firefox-Passwords.csv containing login credentials
    Credentials for internal system LZ-DSO (Landing Zone DevSecOps)
    Internal CISA/DHS system authentication credentials
    Credentials for internal Artifactory (software repository)

    SSH keys exposed in a public repository -- "The worst leak in my
    career" Valadon said the archive detailed how CISA builds and deploys
    software internally and that, in general, it is the worst leak that Ive witnessed in my career.

    In a letter shared with KrebsOnSecurity , Valadon said he first thought the entire database was fake, given the sensitivity of the files found inside. It is obviously an individuals mistake, but I believe that it might reveal internal practices, he said.

    Multiple security researchers confirmed the authenticity of the leak and said that at least some of the credentials found inside worked. They managed to
    get the repository locked down after getting in touch with the US Cybersecurity and Infrastructure Security Agency (CISA), who confirmed it was looking into the matter:

    "Currently, there is no indication that any sensitive data was compromised as
    a result of this incident," the CISA spokesperson allegedly wrote. "While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences."

    The researchers later established that the repository was maintained by a government contractor called Nightwing, which declined to comment and
    directed all inquiries to CISA. It is unknown for how long the repository remained open, but it was created in mid-November 2025, and chances are it
    was unlocked since inception.

    Link to news story: https://www.techradar.com/pro/security/cisa-contractor-apparently-leaked-highl y-sensitive-government-aws-keys-on-github

    $$
    --- MultiMail/DOS
    * Origin: Capitol City Hub (1:2320/105)

Novedades:

Servidor de Quake 3 Arena Online! - Conectate a ferchobbs.ddns.net, puerto 27960 y vence con tu equipo!