CISA: Publicly Exposed Passwords and Cloud Keys — A Cybersecurity Lesson

Colleagues, please note: a disclosure of exposed credentials granting access to CISA resources has been identified in the cybersecurity field.
In brief:
- A GitGuardian researcher found public spreadsheets on GitHub containing plaintext keys, tokens and files published by a CISA contractor employee.
- The researcher validated some keys; the contractor did not respond to notifications, and CISA has not yet commented on whether the data were used.
Why it matters: an agency that issues security guidance must demonstrate robust secret-storage practices and vendor oversight.
Which secret-management controls for contractors do you consider priorities?
#cybersecurity #CISA #security #DevSecOps


Latest comments
No comments yet.