Close Menu
    Facebook X (Twitter) Instagram
    Tuesday, July 14
    • Home
    • About Us
    • Contact Us
    • Submit Your Story
    • Terms of Use
    • Privacy Policy
    Facebook X (Twitter) Instagram
    Fortune Herald
    • Business
    • Finance
    • Politics
    • Lifestyle
    • Technology
    • Property
    • Business Guides
      • Guide To Writing a Business Plan UK
      • Guide to Writing a Marketing Campaign Plan
      • Guide to PR Tips for Small Business
      • Guide to Networking Ideas for Small Business
      • Guide to Bounce Rate Google Analyitics
    Fortune Herald
    Home»Business»CISA GitHub Credentials Leak Exposes 844 MB of Passwords and Cloud Keys
    CISA GitHub credentials leak
    Business

    CISA GitHub Credentials Leak Exposes 844 MB of Passwords and Cloud Keys

    Funke AdeyemiBy Funke Adeyemi14/07/2026No Comments4 Mins Read
    Share
    Facebook Twitter LinkedIn Pinterest Email

    The CISA GitHub credentials leak that rattled the US cybersecurity community in May 2026 was not just an embarrassing data exposure: it was a window into an agency that, by its own admission, had no clear process for handling exactly this kind of crisis.

    A contractor’s employee had uploaded 844 MB of plaintext passwords, Amazon Web Services tokens, and Entra ID SAML certificates to a public GitHub repository named ‘Private-CISA’, where they sat exposed since at least November 2025. The repository’s administrator had explicitly disabled GitHub’s default secret-scanning protections, according to Guillaume Valadon of cybersecurity firm GitGuardian.

    The credentials covered systems belonging to both the Cybersecurity and Infrastructure Security Agency (CISA) and its parent body, the Department of Homeland Security.

    How the CISA GitHub Credentials Leak Was Discovered and Contained

    GitGuardian found the exposed repository on 14 May 2026 and filed a report through the CERT/CC portal at 4:14 PM CET. The firm also reported it directly to CISA on 15 May 2026. The ‘Private-CISA’ repository was taken offline the same day, less than 26 hours after initial discovery.

    Independent researcher Philippe Caturegli, founder of Seralys, tested the credentials before they were revoked and was able to gain access to multiple Amazon Web Services GovCloud accounts ‘at a high privilege level,’ according to the Ars Technica account of the incident.

    The repository was, in GitGuardian’s description, ‘a catalog of unsafe practices’: passwords such as ‘platformname2025’, explicit instructions to disable GitHub’s secret scanning, and backup files committed directly to version control. The researcher originally tried to alert the contractor responsible, heard nothing, and only reached CISA after cybersecurity journalist Brian Krebs made contact on the agency’s behalf.

    CISA revoked and replaced all exposed credentials. Spokesperson Marco DiSandro told TechCrunch the agency was ‘aware of the reported exposure and is continuing to investigate the situation,’ adding there was ‘no indication that any sensitive data was compromised as a result of this incident.’ CISA also said that no customer or mission data was exposed, and thanked the researcher and journalist for their assistance. A fuller account of the 844 MB exposure was published by Cybernews.

    An Agency Building the Playbook as the Fire Burns

    CISA’s own post-incident statement carried a candid admission: the agency’s channels for allowing security researchers to report potential incidents ‘were not well defined.’ Changes have since been made to make it easier and faster for researchers to make contact.

    That acknowledgement arrives at an uncomfortable moment for an agency whose core mission is helping others avoid precisely these failures. The CISA GitHub credentials leak drew attention not only because of what was exposed, but because of the bureaucratic gap it revealed: the national body responsible for federal cybersecurity guidance had no settled incident-response pathway for inbound researcher disclosures.

    The agency has been without a permanent director since January 2025, when President Donald Trump’s second term began. Budget pressure has compounded the leadership vacuum. According to figures cited by Metaintro, sourcing the New York Times, CISA’s workforce fell from roughly 3,400 employees at the start of fiscal year 2025 to roughly 2,400 by December, driven by layoffs, voluntary buyouts, and early retirements. Key programmes including the Election Security Programme and Cyber Defence Education and Training have been eliminated or severely reduced, totalling more than $84 million in cuts.

    Axios reported that the Department of Homeland Security laid off approximately 176 CISA employees in October 2025. At a workforce level of roughly 2,500 at the time, that round of cuts alone accounted for about 7% of the agency’s staff.

    The episode presents Congress with a pointed question ahead of any reauthorisation debate: whether an agency trimmed to this degree can realistically maintain the institutional processes, let alone the workforce capacity, to manage disclosures from the very researchers it depends on to catch its own blind spots. The next permanent director will inherit that answer on day one.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Funke Adeyemi

    Funke Adeyemi spent a decade in corporate banking and fintech before moving to business journalism. She started in trade finance at a major UK bank, moved to a payments company scaling into African markets, and spent her last role leading partnerships at a cross-border remittance platform. She writes about business strategy, fintech, digital banking, and the corporate news that moves markets. She is interested in how companies actually make money rather than how they describe making money in investor presentations. Funke lives in South London. She reads earnings calls the way other people listen to podcasts, and finds them about as reliable.

    Related Posts

    Fizz Files Sidechat Investor Leak Claim Against Maveron Partner

    14/07/2026

    Oratomic Series A Funding of $300M Bets on a 20,000-Qubit Path to Fault-Tolerant Quantum Computing

    13/07/2026

    Dixon-Vivo Joint Venture Clears India’s Scrutiny, Signalling a New Template for Chinese Brands

    13/07/2026
    Leave A Reply Cancel Reply

    Fortune Herald Logo

    Connect with us

    FortuneHerald Logo

    Home   About Us   Contact Us   Submit Your Story   Terms of Use   Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.