By Interestana AI Editorial — AI-drafted, human-overseen. How we report
CISA Details Lessons from GitHub Credential Leak

The Cybersecurity and Infrastructure Security Agency (CISA) has published a postmortem report detailing the lessons learned from a significant data leak that exposed dozens of internal CISA credentials, including AWS Govcloud keys, in a public GitHub repository. The leak remained undetected for nearly six months before being brought to CISA's attention by KrebsOnSecurity. Experts highlight the identified gaps in CISA's initial response as crucial takeaways for all security teams.
On May 15, 2026, the security firm GitGuardian alerted CISA to a public GitHub repository named "Private CISA," which contained 844 MB of sensitive data. Among the exposed files was "importantAWStokens," containing administrative credentials for three Amazon AWS GovCloud servers. Another file, "AWS-Workspace-Firefox-Passwords.csv," listed plaintext usernames and passwords for numerous internal CISA systems. CISA confirmed the alert but took over 48 hours to invalidate the compromised AWS keys and other secrets.
In its official report, CISA attributed the delay in key rotation to the complexity of its systems and their interconnections with federal and industry partners. The agency emphasized the importance of maintaining mature and well-tested key management capabilities. CISA also acknowledged the need for improvement in its response to security incident notifications from external parties. The postmortem stresses the necessity of clearly defined reporting channels to differentiate between incidents affecting the organization itself and those impacting its products or customers.
The report indicates that CISA's internal channels for handling such notifications were not sufficiently defined, leading the security researcher to attempt contact through multiple avenues, including direct email to a contractor and submission via CISA's vulnerability disclosure platform. This platform is intended for vulnerabilities affecting the broader cybersecurity ecosystem, not internal agency breaches. The incident underscores the critical need for robust internal security protocols and efficient incident response mechanisms within government agencies.
Original source — read the full reporting at the publisher:
Read on Krebs on SecurityGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.