Skip to main content

mastodon - Link to source

Check it: Sen. Maggie Hassan (D-NH) is demanding answers from CISA and DHS over my reporting this week that a CISA contractor had published on GitHub a number of CISA AWS GovCloud keys and a ton of plaintext passwords, SSH keys, etc. for internal CISA resources.

ICYMI:

krebsonsecurity.com/2026/05/ci…

hassan.senate.gov/news/press-r…

#cisa #cybersecurity #databreach

MAGGIE HASSAN ABOUT SERVICES NEWS CONTACT Q ( Newsierres UNITED STATES SENATOR FOR NEW HAMPSHIRE J—— 05.19.2026 Answers on Major Reported Data Leak at Leading Cybersecurity Hassan: “This reported incident raises serious questions about how such a security lapse could occur at the very agency charged with helping to prevent cyber breaches” WASHINGTON - U.S. Senator Maggie Hassan (D-NH), a senior member of the Senate Homeland Security Committee, is pressing for answers following public reporting that a contractor for the Cybersecurity and Infrastructure Security Agency (CISA) maintained lists of agency accounts and passwords on a public database. Senator Hassan issued a request for an urgent classified briefing from the agency, which is part of the Department of Homeland Security. “This reported incident raises serious questions about how such a security lapse could occur at the very agency charged with helping to prevent cyber breaches,” wrote Senator Hassan in her request. “This reporting raises serious concerns regarding CISA’s internal policies and procedures at a time of significant cybersecurity threats against U.S. critical infrastructure... The alleged data leak has also occurred against the backdrop of major disruptions internally at CISA.”
A PDF of a letter frm Sen. Hassan to Nick Andersen, the acting director of CISA: I write to request an urgent classified briefing regarding public reporting that a contractor for the Cybersecurity and Infrastructure Security Agency (CISA) maintained lists of agency accounts and passwords on a public database.1 This reported incident raises serious questions about how such a security lapse could occur at the very agency charged with helping to prevent cyber breaches. According to a recent report from Krebs on Security, this leak included files that detailed how CISA builds, tests, and deploys software internally in a folder called “PrivateCISA.”2 Exposed files reportedly included a file named “importantAWStokens,” with the administrative credentials to three Amazon Web Services (AWS) servers, and one named “AWS-Workspace-Firefox-Passwords.csv,” with plaintext usernames and passwords for multiple internal systems.3 Security experts cited in recent reporting have described this security lapse as “one of the most egregious government data leaks in recent history.”4 This reporting raises serious concerns regarding CISA’s internal policies and procedures at a time of significant cybersecurity threats against U.S. critical infrastructure. 1 Brian Krebs, CISA Admin Leaked AWS GovCloud Keys on Github, Krebs on Security (blog) (May 18, 2026) (krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-ongithub/).

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA …
krebsonsecurity.com
#cybersecurity #databreach #cisa
This entry was edited (4 days ago)