CISA Dodges Potential Breach After Researcher Discovers Exposed Credentials
A security researcher uncovered a significant lapse in U.S. cybersecurity practices after discovering publicly exposed credentials that could have granted access to CISA’s cloud and internal systems. Guillaume Valadon of GitGuardian found plaintext credentials, including access tokens and cloud keys, stored in unprotected spreadsheets within a GitHub repository maintained by a CISA contractor.
Valadon verified that some of the keys were valid and, after the contractor failed to respond to alerts, reported the issue to journalist Brian Krebs. The exposed credentials could have provided entry to systems belonging to CISA and its parent agency, the Department of Homeland Security.
The incident is particularly notable given CISA’s role in securing federal civilian networks and promoting cybersecurity best practices, including proper credential management. It remains unclear whether malicious actors accessed the credentials before their discovery.
CISA has not confirmed whether the exposed credentials were revoked or whether any breach occurred. While the lapse originated with a contractor, CISA retains ultimate responsibility for securing its systems. The agency has operated without a permanent director since January 20, 2025, following the departure of former director Jen Easterly, and has faced workforce reductions under the current administration.
Cybersecurity and Infrastructure Security Agency cybersecurity rating report: https://www.rankiteo.com/company/cisagov
"id": "CIS1779207877",
"linkid": "cisagov",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Cybersecurity',
                        'location': 'United States',
                        'name': 'Cybersecurity and Infrastructure Security '
                                'Agency (CISA)',
                        'type': 'Government Agency'}],
 'attack_vector': 'Publicly Exposed Credentials',
 'data_breach': {'file_types_exposed': 'Spreadsheets',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Access tokens, cloud keys'},
 'description': 'A security researcher uncovered publicly exposed credentials '
                'that could have granted access to CISA’s cloud and internal '
                'systems. The credentials, including access tokens and cloud '
                'keys, were found in unprotected spreadsheets within a GitHub '
                'repository maintained by a CISA contractor. The exposed '
                'credentials could have provided entry to systems belonging to '
                'CISA and its parent agency, the Department of Homeland '
                'Security.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'lapse in cybersecurity best practices',
            'systems_affected': 'CISA’s cloud and internal systems, Department '
                                'of Homeland Security systems'},
 'lessons_learned': 'Importance of proper credential management and securing '
                    'third-party repositories',
 'post_incident_analysis': {'root_causes': 'Improper credential storage in '
                                           'unprotected spreadsheets within a '
                                           'GitHub repository maintained by a '
                                           'contractor'},
 'recommendations': 'Revoking exposed credentials, enforcing stricter access '
                    'controls, and improving contractor oversight',
 'references': [{'source': 'Brian Krebs (Journalist)'},
                {'source': 'GitGuardian (Guillaume Valadon)'}],
 'title': 'CISA Dodges Potential Breach After Researcher Discovers Exposed '
          'Credentials',
 'type': 'Credential Exposure',
 'vulnerability_exploited': 'Improper Credential Management'}