The U.S. government’s top cybersecurity agency is facing intense criticism after highly sensitive passwords, access keys, and internal credentials were reportedly left exposed in a public GitHub repository for months. The incident involves the Cybersecurity and Infrastructure Security Agency, commonly known as CISA, an agency created to protect America from cyberattacks and digital threats.
According to reports first revealed by cybersecurity journalist Brian Krebs through his site Krebs on Security, the exposed repository reportedly contained plain-text passwords, Amazon AWS GovCloud credentials, internal usernames, authentication tokens, and sensitive development environment information connected to CISA systems.
What shocked cybersecurity experts most was not only the severity of the leak, but also how openly accessible the material allegedly was. The public repository was reportedly named “Private-CISA,” making the irony impossible to ignore. The exposed data is believed to have remained visible for months before finally being removed over the weekend.
Security researchers described the situation as one of the most alarming government credential leaks seen in recent years. Guillaume Valadon of GitGuardian, a company specializing in detecting exposed secrets online, reportedly called it “the worst leak that I’ve witnessed in my career.”
Among the files discovered inside the repository were documents allegedly titled “importantAWStokens” and “AWS-Workspace-Firefox-Passwords.csv.” These files reportedly contained administrative credentials for multiple AWS GovCloud servers used by the government, along with dozens of usernames and passwords connected to internal CISA systems. Some credentials were allegedly stored in plain text without encryption, which cybersecurity professionals consider an extremely dangerous practice.
One of the systems referenced in the leak appeared to be tied to Landing Zone DevSecOps, a secure development environment used within the agency. Experts warn that exposure of such credentials could potentially allow unauthorized access to sensitive infrastructure, internal applications, or cloud-based systems if malicious actors had discovered and exploited them before removal.
CISA later released a statement saying there was currently “no indication that any sensitive data was compromised” as a result of the incident. The agency also stated that additional safeguards are now being implemented to prevent similar exposures in the future. However, many critics argue that the existence of such a leak at America’s primary cybersecurity agency raises major concerns about internal operational security and oversight.
The controversy has also renewed scrutiny around the current state of CISA during President Donald Trump’s second administration. Although Trump originally signed legislation creating CISA back in 2018, relations between him and the agency became strained after the 2020 election. CISA officials publicly rejected claims of widespread election fraud, leading Trump to dismiss key agency leadership at the time.
Since returning to office, Trump’s administration has reportedly faced criticism over instability within the agency. Acting directors have rotated through leadership positions without Senate confirmation, while proposed budget reductions have raised concerns among national security experts about the future effectiveness of America’s cyber defenses.
Reports also suggest the exposed repository may have been linked to a contractor employee associated with Nightwing, a cybersecurity and intelligence contractor. One interpretation of the findings suggests the repository may have been used to move files between work and personal devices, an action cybersecurity experts warn can create serious security vulnerabilities if not handled properly.
The incident has sparked widespread debate online about government cybersecurity standards, contractor oversight, and whether agencies responsible for protecting national infrastructure are themselves adequately protected. Critics argue that if exposed passwords and cloud credentials can remain publicly visible for months at America’s leading cybersecurity agency, it raises uncomfortable questions about vulnerabilities elsewhere across federal systems.
The leak also highlights a growing problem facing organizations worldwide: accidental exposure of secrets through platforms like GitHub. Developers and employees frequently upload repositories containing hardcoded credentials, API keys, or internal files without realizing the risks. Cybersecurity firms increasingly rely on automated scanning tools to detect these exposures before hackers exploit them.
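The kind of automated check described above, as an added Python example (not code from the reports or from any vendor named in this article): it flags AWS key patterns, plain-text password assignments, credential-like file names, and CSV files that look like browser password exports. The file tree is constructed, the AWS values are the placeholder keys from AWS documentation, and the url/username/password header layout is an assumption.

```python
import csv, io, re

# Line-level rules. Matches are reported by rule name only, never by value.
CONTENT_RULES = [
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("aws-secret-access-key", re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")),
    ("password-assignment", re.compile(
        r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*['\"]?[^\s'\"]{6,}")),
]
NAME_RULE = re.compile(r"(?i)password|token|secret|credential")

def is_password_export(text):
    """True if the CSV header has url, username and password columns
    (assumed layout of a browser password export)."""
    lines = text.splitlines()
    header = next(csv.reader(io.StringIO(lines[0])), []) if lines else []
    return {"url", "username", "password"} <= {c.strip().lower() for c in header}

def scan(files):
    """files maps path -> text; returns sorted (path, line, rule) findings.
    Line 0 means the finding is about the file name itself."""
    findings = []
    for path, text in files.items():
        name = path.rsplit("/", 1)[-1]
        if NAME_RULE.search(name):
            findings.append((path, 0, "suspicious-filename"))
        if name.lower().endswith(".csv") and is_password_export(text):
            findings.append((path, 1, "browser-password-export"))
        for lineno, line in enumerate(text.splitlines(), 1):
            findings += [(path, lineno, rule)
                         for rule, pat in CONTENT_RULES if pat.search(line)]
    return sorted(findings)

# Constructed sample tree; the AWS values are AWS's documented example keys.
SAMPLE = {
    "notes/important-tokens.txt": (
        "[default]\n"
        "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
        "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"),
    "exports/browser-passwords.csv": (
        '"url","username","password"\n'
        '"https://intranet.example","alice","Sup3rS3cret!"\n'),
    "src/app.py": "def handler(event):\n    return event['id']\n",
}

if __name__ == "__main__":
    for path, lineno, rule in scan(SAMPLE):
        print(f"{path}:{lineno}: {rule}")
```

Run as a pre-commit or CI step, a check like this blocks the push before the secret reaches a public repository; any credential it finds in existing history still has to be rotated, since deleting the file does not revoke it.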
For now, officials insist there is no evidence the credentials were abused. But the reputational damage to CISA may already be significant. An agency created specifically to defend the United States from digital threats is now at the center of one of the most embarrassing cybersecurity mistakes of the year, a mistake many experts believe should never have happened in the first place.