:

CISA CONTRACTOR LEAKED AWS GOVCLOUD KEYS ON GITHUB

DEV DESK2 MIN READ
MON, MAY 18, 2026

■ AI-SUMMARIZED FROM 2 SOURCES ▸ TIMELINE

A CISA contractor publicly exposed AWS GovCloud credentials and internal system details on GitHub until this past weekend. Security experts called it one of the most serious government data leaks in recent history.

A public GitHub repository maintained by a Cybersecurity & Infrastructure Security Agency (CISA) contractor contained highly privileged AWS GovCloud account credentials and access details to numerous internal CISA systems. The exposed archive included sensitive files documenting CISA's internal software build, test, and deployment processes. Security researchers identified the repository as containing some of the most critical infrastructure credentials available to a U.S. government agency. The leaked GovCloud accounts provide access to government-only AWS infrastructure used for classified and sensitive operations. Credentials for multiple privileged accounts remained publicly accessible until the repository was discovered and removed this past weekend. Beyond the cloud credentials, the repository exposed architectural documentation and operational procedures for CISA systems. This combination of credentials and technical details gave potential attackers both access and a roadmap to exploit government infrastructure. CISA, the federal agency responsible for cybersecurity and infrastructure protection, has not yet released a public statement about the incident or its scope. The agency typically handles credential compromise by immediately revoking exposed keys and auditing access logs for unauthorized activity. The leak raises questions about security practices within government contracting relationships and code repository management. Standard practices recommend scanning repositories for credentials before uploading, using separate development and production keys, and restricting repository access. This incident ranks among the most significant government data exposures in recent years. Previous notable leaks include exposure of military communications and federal employee information, though direct access to privileged cloud infrastructure represents an unusual level of operational risk. No indication of unauthorized access has been confirmed. CISA declined to comment on whether any malicious activity occurred during the window the credentials were public.

■ SOURCES

Krebs on SecurityHacker News

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Surveillance technology company Flock Safety did not issue a cease-and-desist letter to The Saturday Salon, a Newport Beach lecture series, despite claims posted on Instagram Thursday. The incident reignites debate over the company's practices and relationship with law enforcement.

1H AGOSecurity Desk

The US Cybersecurity and Infrastructure Security Agency revealed it lacked a prepared incident response plan during a recent security event, forcing it to develop procedures in real time.

1H AGOSecurity Desk

Research reveals that terrorist group Boko Haram is leveraging advanced AI technologies to enhance operational capabilities. A new report documents how the organization has integrated frontier AI systems into recruitment, planning, and execution efforts.

3H AGOAI Desk

Researchers have discovered six vulnerabilities in U-Boot, a bootloader used across millions of devices, that could allow attackers to execute malicious code during device startup. The flaws could enable persistent malware installation while bypassing security protections.

3H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.