CISA left 844 MB of plaintext passwords and AWS tokens on public GitHub for six months

Published: 20 May 2026
Last updated: 21 May 2026
CISA
Image by jackpress | Shutterstock
Listen to this article

Security researchers at GitGuardian have discovered login credentials for the US Cybersecurity and Infrastructure Security Agency (CISA).

Key takeaways:
  • CISA left 844 MB of plaintext passwords, AWS tokens, and credentials on public GitHub repository "Private-CISA" from November 2025 until May 14, 2026.
  • Repository contained "catalog of unsafe practices" including passwords like "platformname2025," explicit instructions to disable GitHub's secret scanning, and backups committed to Git.
  • Exposed material revealed cloud infrastructure, deployment workflows, Kubernetes manifests, Terraform code, and references to AWS accounts – maintained by contractor "Nightwing" in Dulles, Virginia.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.

On a public GitHub repository called “Private-CISA,” they found 844 MB of plaintext passwords, Amazon Web Services (AWS) tokens, and Entra ID SAML certifications belonging to CISA.

ADVERTISEMENT

The repository also contained confidential information such as CI-CD build logs, Kubernetes manifests, Terraform infrastructure code, GitHub Actions workflows, internal documentation backups, and references to AWS accounts.

According to GitGuardian, the cybersecurity firm that discovered the login credentials on May 14th, the exposed material provided a detailed view into cloud infrastructure, deployment workflows, software supply-chain tooling, and internal operational practices.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

“Personal documents, hostnames, and the careful organization of the files changed our minds. The repository was a catalog of unsafe practices: plaintext passwords, backups committed to Git, and explicit instructions to disable GitHub's secret scanning,” the researchers said.

The classified information has been exposed since November 2025. When GitGuardian contacted CISA about the breach, the cybersecurity agency pulled the information offline within 26 hours.

“Currently, there is no indication that any sensitive data was compromised as a result of this incident. While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences,” a CISA spokesperson told cybersecurity expert Brian Krebs.

According to Krebs, the CISA repository was maintained by an employee named Nightwing, an alias for a government contractor based in Dulles, Virginia.

The security expert says the CISA repository contained easily guessed passwords for several internal resources. The passwords consisted of a platform’s name followed by the current year. Such practices pose a serious security threat to any organization, Krebs argues.

ADVERTISEMENT

Due to a reorganization in February 2026, CISA has lost approximately one-third of its total workforce.

FAQ

Is the CISA exam hard?

The CISA exam is generally considered challenging, with pass rates typically around 50-60%. It covers five broad domains of IT audit and security, requiring both theoretical knowledge and practical experience, with most candidates needing 150-200 hours of study preparation. ISACA recommends at least five years of professional work experience before attempting the exam, though proper preparation can significantly improve your chances of passing.

Why is CISA important?

CISA is the United States' national cyber defense agency, responsible for protecting critical infrastructure like energy grids, hospitals, and communication networks from cyber and physical threats. The agency coordinates cybersecurity efforts across government and private sectors, provides threat intelligence and incident response, and protects essential services including elections and government systems that Americans depend on daily.

Does the CISA certification expire?

CISA certification does not expire as long as you maintain it by meeting ongoing requirements. You must earn a minimum of 20 CPE (Continuing Professional Education) hours annually and 120 CPE hours every three years, while also paying annual maintenance fees to ISACA. If you fail to meet these requirements, your certification can be revoked but may be eligible for reinstatement.

FAQ by nexos.ai, reviewed by Cybernews staff.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked