HomeIntelligenceBrief
BREACH BRIEF🔴 Critical Breach

CISA Contractor Leaks AWS GovCloud Credentials on Public GitHub

A CISA contractor accidentally published privileged AWS GovCloud access keys, plaintext passwords, and internal configuration files in a public GitHub repository, exposing critical government cloud assets and underscoring third‑party secret‑management risks.

LiveThreat™ Intelligence · 📅 May 19, 2026· 📰 krebsonsecurity.com
🔴
Severity
Critical
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
krebsonsecurity.com

CISA Contractor Exposes AWS GovCloud Credentials on Public GitHub

What Happened – A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that inadvertently published highly‑privileged AWS GovCloud access keys, plaintext passwords, tokens, and internal configuration files. The repository was discovered by GitGuardian researchers and subsequently removed.

Why It Matters for TPRM

  • Exposure of privileged cloud credentials can enable attackers to access sensitive government workloads.
  • Demonstrates the risk of third‑party contractors mishandling secrets in public code repositories.
  • Highlights the need for continuous monitoring of supplier code assets for secret leakage.

Who Is Affected – Federal government agencies, cloud‑hosting providers (AWS GovCloud), and any downstream vendors that integrate with CISA’s cloud environments.

Recommended Actions

  • Review all third‑party contracts for mandatory secret‑management policies.
  • Enforce GitHub secret‑scanning and disable the ability to publish secrets publicly.
  • Rotate all exposed AWS keys and passwords immediately; audit for any unauthorized access.

Technical Notes – The leak stemmed from a disabled GitHub secret‑detection feature, allowing SSH keys, AWS access keys, and plaintext CSV password files to be committed. No specific CVE is involved; the issue is a classic misconfiguration and poor secret‑handling practice. Source: Krebs on Security

📰 Original Source
https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →