CISA Contractor Leaks AWS GovCloud Keys, Internal Systems on GitHub
May 24, 2026
Source: Schneier
A severe operational security lapse recently came to light involving a contractor for the Cybersecurity and Infrastructure Security Agency (CISA). This incident publicly exposed critical access credentials for highly secure government cloud environments and extensive internal infrastructure documentation. The revelation raises significant concerns about federal supply chain security practices and data hygiene.
Crazy story (https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/):
"Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history."
News article (https://gizmodo.com/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330).
Analysis
This exposure presents adversaries with an invaluable blueprint of CISA's internal architecture, potentially enabling sophisticated persistent access or future exploits. It serves as a stark reminder that even agencies tasked with securing the nation remain susceptible to fundamental operational security failures. The incident emphasizes the urgent need for enhanced vetting and continuous monitoring of third-party vendors within the defense ecosystem. The broader strategic impact could compromise trust in government-held data and operational resilience.