CISA contractor leaks AWS keys - Historico da BBS TELESC.NET.BR

BBS:      TELESC.NET.BR
Assunto:  CISA contractor leaks AWS keys
De:       Mike Powell
Data:     Wed, 20 May 2026 09:49:50 -0500
-----------------------------------------------------------
 So, are they really this incompetent, or are they doing it on purpose?

CISA contractor apparently leaked 'highly sensitive' government AWS keys on 
Github

Date:
Tue, 19 May 2026 15:20:00 +0000

Description:
The leak was so bad, researchers initially thought it was a joke.

FULL STORY
Researchers have revealed
details on what they called, one of the most egregious government data leaks 
in recent history involving some potentially incredibly sensitive US 
government information. 

Security researcher Guillaume Valadon reached out to KrebsOnSecurity to help 
contact a person in charge of a public GitHub repository. This person, who 
was not responding to messages, was operating a GitHub repository called 
Private-CISA which contained, among other things:
                           
AWS GovCloud administrative credentials for three accounts
AWS access keys
AWS tokens (including importantAWStokens file)
Plaintext usernames and passwords for internal CISA systems
AWS-Workspace-Firefox-Passwords.csv containing login credentials
Credentials for internal system LZ-DSO (Landing Zone DevSecOps)
Internal CISA/DHS system authentication credentials
Credentials for internal Artifactory (software repository)

SSH keys exposed in a public repository -- "The worst leak in my
career" Valadon said the archive detailed how CISA builds and deploys 
software internally and that, in general, it is the worst leak that Ive 
witnessed in my career. 

In a letter shared with KrebsOnSecurity , Valadon said he first thought the 
entire database was fake, given the sensitivity of the files found inside. It 
is obviously an individuals mistake, but I believe that it might reveal 
internal practices, he said. 

Multiple security researchers confirmed the authenticity of the leak and said 
that at least some of the credentials found inside worked. They managed to 
get the repository locked down after getting in touch with the US 
Cybersecurity and Infrastructure Security Agency (CISA), who confirmed it was 
looking into the matter: 

"Currently, there is no indication that any sensitive data was compromised as
a result of this incident," the CISA spokesperson allegedly wrote. "While we
hold our team members to the highest standards of integrity and operational 
awareness, we are working to ensure additional safeguards are implemented to 
prevent future occurrences."

The researchers later established that the repository was maintained by a 
government contractor called Nightwing, which declined to comment and 
directed all inquiries to CISA. It is unknown for how long the repository 
remained open, but it was created in mid-November 2025, and chances are it 
was unlocked since inception.

Link to news story:
https://www.techradar.com/pro/security/cisa-contractor-apparently-leaked-highl
y-sensitive-government-aws-keys-on-github

$$
--- MultiMail/DOS
 * Origin: Capitol City Hub (1:2320/105)

-----------------------------------------------------------
[Voltar]