Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

CISA credential leak raises alarms, and Capitol Hill demands answers

Representatives Bennie Thompson and Delia Ramirez have written to CISA’s acting director, Nick Andersen to demand a briefing on the matter. (Official photo of Nick Andersen / CISA)

By Tim Starks

Congress wants answers from the Cybersecurity and Infrastructure Security Agency about the reported public exposure of sensitive agency credential data on GitHub in an incident that the security researcher who discovered it called one of the worst leaks he’s ever seen.

Other security professionals also voiced concern Tuesday about the leak and the potential for abuse by any malicious parties who got a hold of the information.

Security firm GitGuardian said it discovered a public GitHub repository last week that exposed credentials for privileged AWS GovCloud accounts and internal CISA systems dating back to November. The repository, apparently maintained by a contractor, was named “Private-CISA.” 

Read more at CyberScoop

Click to listen highlighted text!