{"id":216058,"date":"2026-05-18T21:31:00","date_gmt":"2026-05-19T01:31:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/18\/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github\/"},"modified":"2026-05-19T00:20:08","modified_gmt":"2026-05-19T04:20:08","slug":"the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/18\/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github\/","title":{"rendered":"\u2018The Worst Leak That I\u2019ve Witnessed\u2019: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub"},"content":{"rendered":"<p><a href=\"https:\/\/gizmodo.com\/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330\">\u2018The Worst Leak That I\u2019ve Witnessed\u2019: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub<\/a><\/p>\n<p><a href=\"https:\/\/gizmodo.com\/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330\">https:\/\/gizmodo.com\/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-18 21:31:00<\/a><\/p>\n<p>Source Domain: <a href=\"gizmodo.com\">gizmodo.com<\/a><\/p>\n<p> The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been leaving the digital keys to its own cloud storage accounts sitting out in the open, in plain text form, for some unknown amount of time, according to a report from Krebs on Security. 
The problem finally got fixed over the weekend, the report says. Surely the secret information was buried in some obscure folder with an inscrutable name, I hear you saying. The repository was reportedly named \u201cPrivate-CISA.\u201d But there\u2019s no way the contents were that sensitive, you object. But the contents included passwords, keys, and tokens\u2014and the passwords were plain text in a .CSV file. CISA gave a statement to Krebs, saying the following:  \u201cCurrently, there is no indication that any sensitive data was compromised as a result of this incident[\u2026] While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences.\u201d  Since the repository was created in November of last year, the duration of the vulnerability seems to have been about six months\u2014but it could have been much shorter depending on what information was added when.<\/p>\n<p> To refresh your memory, CISA is a relatively new branch of the Department of Homeland Security that has had an overall rough time during Trump 2.0, even though, by signing it into law in 2018, Trump actually midwifed CISA into existence during Administration 1.0, and sorry about the tangent, but Trump\u2019s speech to mark the occasion was an exceptional example of Trump poetry, including excerpts like this one:<\/p>\n<p>  \u201cThe cyber battlespace evolves \u2014 and it is evolving, and unfortunately, faster than a lot of people want to talk about. But battlespace it is. So as the cyber battlespace evolves, this new agency will ensure that we confront the full range of threats from nation-states, cyber criminals, and other malicious actors, of which there are many.\u201d\u00a0  Incontestably true, Mister President. Battlespace it is. 
Anyway, Trump was enraged by information provided by CISA leadership during the period between the 2020 election and January 6, 2021 when he was on a mission to have the election results overturned in his favor. He fired the CISA director he appointed, and since taking office again, his CISA has been a chaotic farce. Neither of the acting directors he\u2019s appointed so far has been confirmed by the Senate, and Trump has recently sought to drastically cut CISA\u2019s funding. Now, to add to CISA\u2019s worries, it seems, according to one interpretation from the Krebs report on what was in the repository, an individual employee working for a government contractor called Nightwing was using GitHub to move material from a work device to a home device\u2014sorta like emailing documents to yourself, but somehow even less secure than that.<\/p>\n<p> I\u2019m no expert on federal cybersecurity, but this from Krebs sounds like stuff we as citizens don\u2019t want our government leaking:  \u201cOne of the exposed files, titled \u2018importantAWStokens,\u2019 included the administrative credentials to three Amazon AWS GovCloud servers. Another file exposed in their public GitHub repository \u2014 \u2018AWS-Workspace-Firefox-Passwords.csv\u2019 \u2014 listed plaintext usernames and passwords for dozens of internal CISA systems. According to Caturegli, those system[s] included one called \u2018LZ-DSO,\u2019 which appears short for \u2018Landing Zone DevSecOps,\u2019 the agency\u2019s secure code development environment.\u201d  Krebs\u2019s source about the information left out in the open was Guillaume Valadon of GitGuardian, a company that scans GitHub for secrets, meaning his business is finding situations like this one. Valadon told Krebs it was \u201cthe worst leak that I\u2019ve witnessed in my career.\u201d<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u2018The Worst Leak That I\u2019ve Witnessed\u2019: U.S. 
Cybersecurity Agency Leaves Its Digital Keys Out in&#8230;<\/p>\n","protected":false},"author":1,"featured_media":216059,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/gizmodo.com\/app\/uploads\/2025\/11\/DHS-homeland-security-sign-1200x675.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-216058","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216058"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=216058"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216058\/revisions"}],"predecessor-version":[{"id":216060,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216058\/revisions\/216060"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/216059"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=216058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=216058"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=216058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}
}