GitGuardian discovered a public GitHub repository named 'Private-CISA' on May 14, 2026, containing 844 MB of sensitive CISA data including plain-text passwords, AWS tokens, Kubernetes configs, ArgoCD files, and Entra ID SAML certificates — some credentials still active. The data had been exposed since November 2025. GitGuardian's Good Samaritan program had already sent nine emails to the commit author before the formal report. After filing through CERT/CC and leveraging personal contacts including Brian Krebs, CISA was reached directly and took the repository offline within 26 hours of formal disclosure. The incident highlights dangerous practices: plain-text secrets in Git, backups committed to repositories, and explicit instructions to disable GitHub's secret scanning.