CISA Contractor Left AWS Admin Credentials Exposed On Public GitHub

The incident prompted swift scrutiny from lawmakers.

Published on Jul 13, 2026
Akshaya Asokan Written by Akshaya Asokan
CISA Contractor Left AWS Admin Credentials Exposed on Public GitHub

The US cyber agency said on July 9 it took down a GitHub repository belonging to a contractor that leaked sensitive cloud credentials.

The internal incident response action started on May 15,  with CISA removing an exposed repository that contained CISA Amazon Web Services GovCloud keys and other data that were publicly accessible.

“Within moments of receiving this information, CISA’s Office of the Chief Information Officer took swift and comprehensive action to mitigate any exposure to CISA’s cloud resources and code repositories,” CISA said.

CISA learned of the exposed repository after being notified by independent security journalist Brian Krebs and pen-testing firm Seralys, who disclosed the GitHub account was used by an employee at a Virginia-based company called Nightwing.

The exposed files included “importantAWStokens,” which contained administrative credentials to three Amazon AWS GovCloud servers, as well as another file titled “AWS-Workspace-Firefox-Passwords.csv,” that contained plaintext usernames and passwords for CISA’s internal system, Krebs reported.

Seralys’ founder Philippe Caturegli told Krebs the exposed credentials were high-privileged, and that threat actors could have used them to authenticate the AWS GovCloud accounts. This would have allowed hackers access to CISA’s internal code system and maintain persistent access.

CISA revoked access for the contractor, who had used the repository to create cloud infrastructure autonomously.

CISA added that no customer or mission-critical data was exposed and that the credentials have not been used outside of CISA’s build environment by any unknown entities. The agency also took further preventive measures such as limiting users’ ability to upload to code repositories.

“CISA strategically identified further logging opportunities while conducting the incident response and has since implemented those additions to enhance visibility,” the agency said.

Personnel Change At CISA Worries Some In The Industry

The development comes in the wake of continued disruption at the agency under the second Trump administration, which has significantly reduced CISA’s funding and workforce. The departure of former CISA Director, Jen Easterly, in January 2025, as well as other high-profile leaders, have prompted concerns about the agency’s ability to conduct its operations coherently.

The latest data leak has added to the ongoing concerns. Lawmakers had already written to Acting Director Nick Andersen in May, before CISA’s public statement, seeking further clarification on the leak.

“We worry that a substantially reduced workforce, coupled with the Administration’s indifference to security, created the conditions that allowed such a significant security lapse to occur. Moreover, we are concerned that the incident undermines CISA’s credibility,” the lawmakers wrote.

The lawmakers further sought assurances from Andersen that his organization will take the latest incident “seriously” and it will fully evaluate the “security consequences of this lapse to prevent anything like it from happening again.”

This field is for validation purposes and should be left unchanged.

FREE NEWSLETTER

Cyber Weekly

Get curated cybersecurity news, threats and insights delivered free every Thursday.

Written By Written By
Akshaya Asokan
Akshaya Asokan Freelance Journalist

Akshaya Asokan is a U.K.-based cybersecurity and technology journalist with experience covering nation‑state hacking operations, cyber and tech policy, and emerging cybercrime trends. She previously served as the senior European cybersecurity correspondent for Information Security Media Group’s Global News Desk. Before that, she reported on IT developments for IDG Media and covered artificial intelligence and machine learning for Analytics India Magazine. Earlier in her career, she wrote on sexual and religious minority rights as a reporter for The New Indian Express.