
CISA Contractor Leaked AWS GovCloud Keys
TL;DR: A CISA contractor exposed highly sensitive credentials on a public GitHub repository. The leak included access keys to AWS GovCloud accounts and internal CISA systems, along with details on the agency's internal software development and deployment processes, marking a significant government data breach.
Key facts
- Category: Cybersecurity
- Impact: Low
- Published:
- Source: Slashdot
Full summary
A CISA contractor's public GitHub repository exposed highly sensitive credentials, including access keys to AWS GovCloud accounts and internal agency systems.
A contractor for the Cybersecurity and Infrastructure Security Agency (CISA) inadvertently exposed sensitive credentials on a public GitHub repository. The repository contained access keys for several highly privileged AWS GovCloud accounts and numerous internal CISA systems. The leak was first reported to KrebsOnSecurity on May 15 by a security researcher, and the repository remained publicly accessible until the preceding weekend.
Security experts describe this as one of the most significant government data leaks in recent memory. The public archive didn't just contain credentials; it also included detailed files explaining how CISA builds, tests, and deploys its internal software. This information could provide malicious actors with a roadmap to the agency's internal infrastructure and development practices, posing a substantial security risk. The exposure of GovCloud keys is particularly concerning, as this environment is designed to host sensitive government data.
This incident highlights the critical importance of secure software development practices, especially within government agencies responsible for national cybersecurity. It underscores the risks associated with public code repositories and the need for stringent oversight of contractor activities and their access to sensitive information. The focus will now be on assessing the full extent of the exposure and mitigating any potential damage from the leaked credentials and internal documentation.
Action checklist
1. Review your organization's GitHub repositories for exposed secrets.
2. Implement secret scanning tools in your CI/CD pipelines.
3. Audit third-party contractor access to sensitive systems and code.
4. Enforce strict policies against committing credentials to version control.
5. Rotate credentials regularly, especially for cloud environments.
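The secret-scanning step from the checklist, as an added example (not from the original article or any named tool): it flags AWS access key IDs and likely secret access keys in text, and uses an entropy threshold so 40-character commit hashes are not reported. The function names, threshold and sample file are assumptions; the key pair in the sample is the placeholder from AWS documentation.

```python
import math
import re
from collections import Counter

# AWS access key IDs: 20 chars, "AKIA" (long-term) or "ASIA" (temporary STS).
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Secret access keys: exactly 40 base64-style chars, not part of a longer run.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
# A 40-char hex string (e.g. a git commit SHA) stays below 4.0 bits/char,
# so this assumed threshold keeps commit hashes out of the findings.
MIN_ENTROPY = 4.2


def shannon_entropy(s):
    """Bits per character of s."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def redact(value):
    """Keep only a short prefix so CI logs do not re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4)


def scan_text(text, path="<stdin>"):
    """Return findings as (path, line_no, kind, redacted_value) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in KEY_ID_RE.finditer(line):
            findings.append((path, line_no, "aws_access_key_id", redact(m.group())))
        for m in SECRET_RE.finditer(line):
            if shannon_entropy(m.group()) >= MIN_ENTROPY:
                findings.append((path, line_no, "aws_secret_access_key", redact(m.group())))
    return findings


# Constructed sample file; the key pair is the placeholder from AWS's documentation.
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# pinned to commit 3f786850e387550fdab836ed7e6dc881de23001b
region = us-gov-west-1
"""

if __name__ == "__main__":
    for hit in scan_text(SAMPLE, "deploy/credentials"):
        print("%s:%d: %s %s" % hit)
```

In a pipeline, a wrapper would run `scan_text` over each changed file and fail the job when the list of findings is non-empty.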
Primary source: Slashdot