By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Tech Consumer JournalTech Consumer JournalTech Consumer Journal
  • News
  • Phones
  • Tablets
  • Wearable
  • Home Tech
  • Streaming
  • More Articles
Reading: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub
Share
Sign In
Notification Show More
Font ResizerAa
Tech Consumer JournalTech Consumer Journal
Font ResizerAa
  • News
  • Phones
  • Tablets
  • Wearable
  • Home Tech
  • Streaming
  • More Articles
Search
  • News
  • Phones
  • Tablets
  • Wearable
  • Home Tech
  • Streaming
  • More Articles
Have an existing account? Sign In
Follow US
  • Contact
  • Blog
  • Complaint
  • Advertise
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
Tech Consumer Journal > News > U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub
News

U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub

News Room
Last updated: May 19, 2026 1:32 am
News Room
Share
SHARE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been leaving the digital keys to its own cloud storage accounts sitting out in the open, in plain text form, for some unknown amount of time, according to a report from Krebs on Security. The problem finally got fixed over the weekend, the report says.

Surely the secret information was buried in some obscure folder with an inscrutable name, I hear you saying. The repository was reportedly named “Private-CISA.”

But there’s no way the contents were that sensitive, you object. But the contents included passwords, keys, and tokens—and the passwords were plain text in a .CSV file.

CISA gave a statement to Krebs, saying the following:

“Currently, there is no indication that any sensitive data was compromised as a result of this incident[…] While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences.”

Since the repository was created in November of last year, the duration of the vulnerability seems to have been about six months—but it could have been much shorter depending on what information as added when.

To refresh your memory, CISA is a relatively new branch of the Department of Homeland Security that has had an overall rough time during Trump 2.0, even though, by signing it into law in 2018, Trump actually midwifed CISA into existence during Administration 1.0, and sorry about the tangent, but Trump’s speech to mark the occasion was an exceptional example of Trump poetry, including excerpts like this one:

“The cyber battlespace evolves — and it is evolving, and unfortunately, faster than a lot of people want to talk about. But battlespace it is. So as the cyber battlespace evolves, this new agency will ensure that we confront the full range of threats from nation-states, cyber criminals, and other malicious actors, of which there are many.” 

Incontestably true, Mister President. Battlespace it is.

Anyway, Trump was enraged by information provided by CISA leadership during the period between the 2020 election and January 6, 2021 when he was on a mission to have the election results overturned in his favor. He fired the CISA director he appointed, and since taking office again, his CISA has been a chaotic farce. Neither of the acting directors he’s appointed so far have been confirmed by the Senate, and Trump has recently sought to drastically cut CISA’s funding.

Now, to add to CISA’s worries, it seems, according to one interpretation from the Krebs report on what was in the repository, an individual employee working for a government contractor called Nightwing was using Github to move material from a work device to a home device—sorta like emailing documents to yourself, but somehow even less secure than that.

I’m no expert on federal Cybersecurity, but this from Krebs sounds like stuff we as citizens don’t want our government leaking:

“One of the exposed files, titled ‘importantAWStokens,’ included the administrative credentials to three Amazon AWS GovCloud servers. Another file exposed in their public GitHub repository — ‘AWS-Workspace-Firefox-Passwords.csv’ — listed plaintext usernames and passwords for dozens of internal CISA systems. According to Caturegli, those system[s] included one called ‘LZ-DSO,’ which appears short for ‘Landing Zone DevSecOps,’ the agency’s secure code development environment.”

Kreb’s source about the information left out in the open was Guillaume Valadon of GitGuardian, a company that scans GitHub for secrets, meaning his business is finding situations like this one. Valadon told Krebs it was “the worst leak that I’ve witnessed in my career.”

Read the full article here

You Might Also Like

Apple Is Coming for the People Building OpenAI’s Future

A Huge Gaming Headset With Even Bigger Sound

Officials Are Struggling to Track America’s Explosive Diarrhea Outbreak. The Culprit Is Depressingly Obvious

SpaceX Has Lost $1 Trillion in Value Since Its Post-IPO Peak

Roborock’s Big LiDAR Robotic Lawnmower Needs No Satellites

Share This Article
Facebook Twitter Copy Link Print
Previous Article Punch the Monkey’s Enclosure Allegedly Invaded as Memecoin-Pumping Stunt
Next Article Some Boston Fliers Will Now Go Through TSA 25 Miles from the Airport
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected

248.1kLike
69.1kFollow
134kPin
54.3kFollow

Latest News

It’s Never Been Cooler to Take Down a Flock Camera
News
Zoox Issues Recall After Heavy Smoke Caused a Robotaxi to Enter an Active Emergency Scene
News
Scientists Detect First Atmosphere on Rocky Habitable-Zone Planet, Boosting Hopes for Alien Life
News
The Future of OLED Screens May Be… Inkjet Printing?
News
The Killer Robots Have an Eric Trump Problem
News
How Samantha Morton Approached Her Scene-Stealing Role in ‘The Odyssey’
News
All-In Podcast Bro Fails to Read 25-Word Email, Concludes He Is Debate Champion
News
China’s Xi Jinping Wants AI to Be Open to the World—and Out of America’s Control
News

You Might also Like

News

‘The Journey of a Dark Elf With Fading Powers’ Finds Beauty in the Magic of Starting Over

News Room News Room 9 Min Read
News

‘Mortal Kombat II’ Starts Brawling on HBO Max Next Week

News Room News Room 2 Min Read
News

‘The Odyssey’ Is Already Off to an Epic Start

News Room News Room 3 Min Read
Tech Consumer JournalTech Consumer Journal
Follow US
2024 © Prices.com LLC. All Rights Reserved.
  • Privacy Policy
  • Terms of use
  • For Advertisers
  • Contact
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?