US cyber defense agency left GitHub repo exposed with passwords

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) inadvertently left a GitHub repository exposed that contained plaintext passwords and other sensitive credentials, raising significant concerns about internal security practices at the nation’s top cyber defense agency.
The repository, which was publicly accessible for an unknown period, stored login credentials, authentication tokens, and other privileged access data in an unencrypted format. Security researchers discovered the exposure and reported it before any known malicious exploitation occurred. CISA confirmed the incident and stated that it has since removed the exposed repository and initiated a review of its internal code management and secrets handling procedures.
This lapse is particularly troubling because CISA is responsible for guiding federal agencies and critical infrastructure operators on cybersecurity best practices, including the secure storage of credentials. The incident highlights a common but dangerous oversight: developers embedding hardcoded passwords and API keys directly into source code or configuration files that are then pushed to public repositories.
Experts warn that such exposures can allow attackers to escalate privileges, move laterally within networks, or exfiltrate sensitive data if the credentials grant access to internal systems. While CISA has not detailed the full scope of what was exposed, the agency emphasized that no operational systems were compromised as a result of this incident.
The breach serves as a stark reminder that even the agencies tasked with defending against cyber threats are not immune to basic security hygiene failures. It underscores the need for automated secrets scanning, credential rotation policies, and strict access controls on development platforms across all organizations, public or private.
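The hardcoded-credential oversight described above is exactly what an automated secrets scan in a pre-commit hook or CI job is meant to catch. The following is an added example (not code from BleepingComputer, CISA, or any scanning product) of a minimal scanner run over constructed sample files: it flags keyword-style assignments whose values look random enough to be real secrets, flags two well-known token prefixes, and lets templated `${VAR}` references and obvious placeholders through.

```python
import math
import re
from collections import Counter

# Heuristic pattern for credentials assigned in source or config files:
# a key containing password/secret/api_key/token, then = or :, then a value.
ASSIGNMENT_RE = re.compile(
    r"(?i)\b[\w.-]*(?:password|passwd|pwd|secret|api[_-]?key|token)\w*"
    r"\s*[:=]\s*[\"']?([^\"'\s#]+)"
)
# Two well-known fixed token formats (GitHub PAT prefix, AWS access key ID prefix).
KNOWN_TOKEN_RE = re.compile(r"\b(ghp_[A-Za-z0-9]{36}|AKIA[0-9A-Z]{16})\b")
PLACEHOLDERS = {"changeme", "password", "<password>", "example", "xxx"}


def shannon_entropy(s):
    """Bits of entropy per character; random-looking secrets score high."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def scan_text(path, text, min_len=8, min_entropy=3.0):
    """Return (path, line_no, rule, value) tuples for likely hardcoded secrets."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        seen = set()
        for m in KNOWN_TOKEN_RE.finditer(line):
            seen.add(m.group(1))
            findings.append((path, line_no, "known-token-format", m.group(1)))
        for m in ASSIGNMENT_RE.finditer(line):
            value = m.group(1)
            # Templated references (${VAR}) and placeholders are the safe pattern.
            if value in seen or value.startswith("${") or value.lower() in PLACEHOLDERS:
                continue
            if len(value) >= min_len and shannon_entropy(value) >= min_entropy:
                findings.append((path, line_no, "hardcoded-credential", value))
    return findings


def scan_files(files):
    """files: mapping of path -> content (e.g. the staged blobs in a pre-commit hook)."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


# Constructed sample files; every value below is fabricated for this example.
SAMPLE_FILES = {
    "config/db.yaml": "host: db.internal\nuser: svc_deploy\npassword: ${DB_PASSWORD}\n",
    "deploy/settings.py": 'DEBUG = False\nDB_PASSWORD = "Tr0ub4dor&3xample"\nAPI_KEY = "changeme"\n',
    "scripts/push.sh": "TOKEN=ghp_" + "A" * 36 + "\n",
}

if __name__ == "__main__":
    for path, line_no, rule, value in scan_files(SAMPLE_FILES):
        # Never echo the full secret into hook output or CI logs.
        print(f"{path}:{line_no}: {rule} ({value[:4]}...)")
```

Wired into a pre-commit hook, a non-empty result from `scan_files` over the staged blobs should fail the commit; the keyword list, entropy threshold and token formats are tuning knobs, not an exhaustive ruleset.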
(Source: BleepingComputer)