
US Government Credentials Leaked on GitHub
TL;DR: A contractor's public GitHub repository accidentally exposed sensitive credentials. The leak included access keys for US government AWS accounts and internal systems for the Cybersecurity and Infrastructure Security Agency (CISA). A researcher from GitGuardian discovered the exposure, which was then reported by security journalist Brian Krebs.
Key facts
- Category: Cybersecurity
- Impact: Low
- Published
- Source: CIO.com
Full summary
A contractor's public GitHub repository exposed credentials for US government AWS accounts and internal systems belonging to CISA.
A public GitHub repository managed by a contractor was recently found to contain highly sensitive credentials. The exposed data included access keys for US government AWS accounts, specifically the isolated GovCloud environment, and internal systems for the Cybersecurity and Infrastructure Security Agency (CISA). The discovery was made by Guillaume Valadon, a researcher at the security firm GitGuardian, who then tipped off cybersecurity reporter Brian Krebs. According to the analysis, the repository's commit history and the account creator's own troubleshooting notes, which were also committed publicly, confirmed the nature and origin of the leak. The repository remained public for an unknown period before being addressed.
This incident highlights the significant security risks posed by third-party contractors and the improper use of public code repositories for sensitive projects. Exposing credentials for government cloud infrastructure and a key cybersecurity agency like CISA creates a major vulnerability. Such a leak could potentially allow unauthorized actors to gain access to critical government systems, sensitive data, and internal networks, posing a direct threat to national security operations. The event serves as a critical reminder for all organizations, especially those handling government or critical infrastructure data, to enforce strict security protocols for code management, secrets handling, and third-party vendor access. It underscores the vital importance of continuous monitoring for secret leaks in public-facing development environments.
Why it matters
This incident underscores the critical need for stringent security oversight of third-party contractors and highlights the persistent risk of secrets exposure in public code repositories, even for sensitive government projects.
Business impact
The exposure of government cloud and cybersecurity agency credentials creates a significant risk of unauthorized access, data breaches, and potential disruption to critical national infrastructure, severely damaging trust in government IT security practices.
Action checklist
1. Scan all public and private repositories for exposed secrets.
2. Implement pre-commit hooks to block secrets from being pushed.
3. Enforce strict access controls and security policies for all contractors.
4. Regularly audit third-party vendor access and code contributions.
5. Use a dedicated secrets management solution instead of hardcoding credentials.
Primary source: CIO.com