Summary
Key Points:
- A contractor for CISA accidentally exposed highly sensitive AWS GovCloud credentials and internal system access details in a public GitHub repository, a significant data leak.
- The leak potentially impacts multiple internal CISA systems, including a secure code development environment, and may allow unauthorized access to critical resources.
- Immediate actions include revoking the exposed credentials, conducting a thorough investigation, and implementing stricter security protocols to prevent future incidents.
Technical Details: The exposed repository contained plaintext passwords, AWS keys, and other sensitive information. The GitHub account was created in September 2018, and the repository itself was created on November 13, 2025. Although the repository was taken offline shortly after notification, some AWS keys remained valid for an additional 48 hours.
MITRE ATT&CK Techniques:
- None mentioned
IOCs Mentioned:
- None mentioned