CISA contractor GitHub repository exposed internal credentials
Data Leak
Summary
Hide ▲
Show ▼
A CISA contractor left a public GitHub repository exposing AWS GovCloud credentials and internal access material, creating a serious data leak involving sensitive government systems. The repository, Private-CISA, contained cloud keys, tokens, and plaintext passwords for internal CISA resources. Researchers later validated that the exposed credentials could access three AWS GovCloud accounts at a high privilege level. The exposure was removed, but the leaked material had already created a significant risk of unauthorized access and lateral movement.
Related Happenings
Single organization's private GitHub repository cloned after confirmed access
Data Leak
H score12
First: 09.07.2026 21:38
Last: 09.07.2026 21:38
Sources 1
About this happening:
**Confirmed access** to a **private GitHub repository** belonging to **one organization** marks a concrete **data exposure** and raises the risk of source-code or internal-content...
Single organization's private GitHub repository cloned after confirmed access
Data LeakAbout this happening: **Confirmed access** to a **private GitHub repository** belonging to **one organization** marks a concrete **data exposure** and raises the risk of source-code or internal-content...
FortiBleed Fortinet/FortiGate VPN credential leak
Data Leak
H score80
First: 17.06.2026 18:12
Last: 17.06.2026 18:12
Sources 1
About this happening:
**FortiBleed** is a **data leak** of **Fortinet/FortiGate VPN credentials** that now includes a verified database of **86,644 confirmed working credentials** collected from **inte...
FortiBleed Fortinet/FortiGate VPN credential leak
Data LeakAbout this happening: **FortiBleed** is a **data leak** of **Fortinet/FortiGate VPN credentials** that now includes a verified database of **86,644 confirmed working credentials** collected from **inte...
Latest development: 19.06.2026 09:47
CISA urged Fortinet customers to secure FortiGate appliances after nearly 74,000 firewall and VPN credentials were exposed in the FortiBleed leak. The agency advised affected owners to terminate SSL VPN and administrative sessions, reset VPN and administrative passwords, enable phishing-resistant multifactor authentication, review logs for unauthorized access or lateral movement, store admin credentials with PBKDF2, restrict firewall management interfaces from public internet access, and remove unauthorized accounts.
Congress demands CISA answers on GitHub credential leak
Public Sector Action
H score19
First: 22.05.2026 19:34
Last: 22.05.2026 19:34
Sources 1
How related:
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account.
About this happening:
**Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...
Congress demands CISA answers on GitHub credential leak
Public Sector ActionHow related: Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account.
About this happening: **Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...
GitHub data exposed after GitHub breach
Data Leak
H score35
First: 20.05.2026 11:14
Last: 20.05.2026 11:14
Sources 1
About this happening:
GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub data exposed after GitHub breach
Data LeakAbout this happening: GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub internal repositories private-code leak claim
Data Leak
H score46
First: 20.05.2026 08:08
Last: 20.05.2026 08:08
Sources 1
About this happening:
GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...
GitHub internal repositories private-code leak claim
Data LeakAbout this happening: GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...
Latest development: 21.05.2026 17:45
A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.
Timeline
-
22.05.2026 19:34 1 articles · 1mo ago
Lawmakers demand answers over CISA Private-CISA leak
Legal Policy Action UpdateOn May 19, Sen. Maggie Hassan and Rep. Bennie Thompson, with Rep. Delia Ramirez co-signing Thompson’s letter, sent separate letters to CISA demanding answers about the Private-CISA GitHub leak and warning that the credential exposure raised serious concerns about CISA’s internal policies, contract support, and security culture.
Show sources
- Lawmakers Demand Answers as CISA Tries to Contain Data Leak — krebsonsecurity.com — 22.05.2026 19:34
-
18.05.2026 23:48 2 articles · 1mo ago
Private-CISA repository exposes CISA and DHS credentials
Initial DisclosureA contractor-maintained public GitHub repository named Private-CISA was created and exposed CISA and DHS secrets, including AWS GovCloud administrative credentials, cloud keys, tokens, plaintext passwords, logs, and files showing how CISA builds, tests, and deploys software internally.
Show sources
- CISA Admin Leaked AWS GovCloud Keys on Github — krebsonsecurity.com — 18.05.2026 23:48
- CISA Admin Leaked AWS GovCloud Keys on Github — krebsonsecurity.com — 18.05.2026 23:48
-
18.05.2026 23:48 1 articles · 1mo ago
Researchers validate Private-CISA credentials and CISA investigates
Technical Analysis UpdateResearchers from GitGuardian and Seralys validated that the leaked AWS keys could authenticate to three AWS GovCloud accounts at a high privilege level, found plaintext credentials for CISA's internal artifactory and other systems, and CISA said it was investigating with no indication that sensitive data had been compromised. The repository was taken offline after notification, but the exposed AWS keys reportedly remained valid for another 48 hours.
Show sources
- CISA Admin Leaked AWS GovCloud Keys on Github — krebsonsecurity.com — 18.05.2026 23:48