CISA Admin Leaked AWS GovCloud Keys on Github
What’s new
A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) inadvertently exposed AWS GovCloud credentials and sensitive internal CISA files on a public GitHub repository named “Private-CISA.” The repository included plaintext passwords, cloud keys, and internal documentation, representing a significant security breach. The repository was created on November 13, 2025, and was taken offline shortly after the exposure was reported. However, the AWS keys remained valid for an additional 48 hours.
Who’s affected
The incident primarily affects CISA and its internal systems, including AWS GovCloud accounts and various internal applications. The exposure of credentials could potentially allow unauthorized access to sensitive CISA resources.
What to do
- Review and rotate any exposed AWS credentials and internal passwords immediately.
- Implement stricter controls on the use of public repositories for sensitive information.
- Conduct a security audit to identify and mitigate any similar vulnerabilities in your organization.
- Educate staff on secure coding practices and the importance of protecting sensitive data.
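As one concrete control for the repository and audit items above, the following added example (not part of the original article) scans a working tree for the kinds of secrets the article describes, AWS keys and plaintext passwords, before anything is pushed. The function names and the regular expressions are assumptions chosen for illustration, and the sample keys are the placeholder values from AWS's own documentation.

```python
import re
import tempfile
from pathlib import Path

RULES = {
    # AWS access key IDs: long-term (AKIA) or temporary (ASIA), 20 chars total.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    # 40-character secret assigned to an aws_secret_access_key-style name.
    "aws_secret_access_key": re.compile(
        r"(?i)aws_?secret_?(?:access_?)?key\s*[=:]\s*[\"']?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"),
    # Plaintext password assignments such as DB_PASSWORD=... or pwd: "..."
    "plaintext_password": re.compile(
        r"(?i)(?<![A-Za-z])(?:password|passwd|pwd)\s*[=:]\s*[\"']?([^\s\"']{6,})"),
}
SKIP_DIRS = {".git", "node_modules", ".venv"}

def redact(value):
    """Keep only the first four characters so reports do not re-leak secrets."""
    return value[:4] + "*" * (len(value) - 4)

def scan_tree(root):
    """Return (relative_path, line_no, rule, redacted_match) for each hit."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or SKIP_DIRS & set(path.relative_to(root).parts):
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            continue  # binary or unreadable file
        for line_no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES.items():
                for m in pattern.finditer(line):
                    secret = m.group(m.lastindex or 0)
                    findings.append((str(path.relative_to(root)), line_no, rule, redact(secret)))
    return findings

def demo():
    """Scan a constructed file holding AWS's documentation example keys."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "deploy.env").write_text(
            "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
            "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
            "DB_PASSWORD=constructed-sample-1\n")
        return scan_tree(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

A hit means the credential should be rotated, not just deleted from the file, since the article notes the exposed AWS keys stayed valid for 48 hours after the repository went offline.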



