CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository
Briefly

A contractor’s public GitHub repository exposed highly privileged credentials and internal materials tied to DHS and CISA. The exposed content included plaintext passwords in CSV files, cloud keys, authentication tokens, logs, and other sensitive data that should not be publicly accessible. The repository also contained Git backup files and documentation describing how the agency builds, tests, and deploys its internal systems. A security researcher discovered the exposure while scanning GitHub for accidentally leaked secrets and reported it after the repository owner did not respond. CISA is investigating to determine what was accessed, whether any sensitive data was compromised, and how quickly safeguards can be tightened to prevent misuse.
"CISA is investigating after a contractor's public GitHub repository exposed AWS GovCloud credentials, internal files, and passwords. The federal agency that tells Americans how to secure their systems is now investigating how sensitive credentials tied to its own work ended up in public view. A report from Krebs on Security says a contractor linked to the US Cybersecurity and Infrastructure Security Agency (CISA) left highly privileged, sensitive credentials in a public GitHub repository. While there is no indication that sensitive data was compromised, the exposure revealed sufficient data that, if in the wrong hands, could lead to one of the easiest breaches ever recorded."
"According to Krebs on Security, a security researcher, Guillaume Valadon, reached out after discovering the public repository and being unable to get the owner to respond. Valadon's company, GitGuardian, scans GitHub for accidentally exposed secrets. During one of those scans, Valadon stumbled upon what he calls 'the worst leak that I've witnessed in my career.' Speaking to Krebs on Security, the researcher said he initially couldn't believe what he had discovered until he took a deeper look at the repository."
"The repository contained several files and credentials belonging to the Department of Homeland Security (DHS) and CISA. It contained plaintext passwords for internal infrastructure stored in .csv format, cloud keys, authentication tokens, logs, and other highly sensitive data that simply should not be out in the open. The repository also contained Git backup files and files detailing how the agency builds, tests, and deploys its intern"
Read at TechRepublic