US cyber agency CISA exposed reams of passwords and cloud keys to the open web - BERITAJA
8:06 AM PDT · May 19, 2026
U.S. cybersecurity agency CISA may have escaped a sizable security breach, thanks to a good-faith security researcher who identified publicly exposed credentials that allowed access to government cloud and internal agency systems.
As first reported by independent security journalist Brian Krebs, GitGuardian security researcher Guillaume Valadon found reams of exposed plaintext credentials listed in spreadsheets, which had been made publicly accessible in a GitHub repository by an employee working for a CISA contractor.
Valadon told Krebs that the exposed credentials were used for accessing systems belonging to CISA and its parent agency, the Department of Homeland Security. Valadon said the credentials included access tokens, cloud keys, and other sensitive files. Valadon told Krebs that he tested some of the keys to verify that they were valid.
He then reported the lapse to Krebs because the CISA contractor who maintained the GitHub site did not respond to their alerts.
The security lapse is particularly embarrassing for CISA because the U.S. government agency is responsible for cybersecurity across the civilian federal network. The agency also advises on best cybersecurity practices, which includes storing passwords in secured password managers and not in unprotected spreadsheets.
It’s not clear if anyone found or used the credentials other than Valadon. When reached by TechCrunch, a CISA spokesperson did not immediately comment or say if the agency has any evidence of a breach stemming from this exposure. TechCrunch asked if the agency has revoked and replaced the exposed credentials following the incident.
While the incident was traced back to an employee working for a CISA contractor, CISA is ultimately responsible for the security of its own network and systems, including contractors who work for the agency.
CISA has been without a permanent director since January 20, 2025, when then-CISA director Jen Easterly stepped down ahead of the start of the incoming Trump administration. CISA has also lost about a third of its workforce following cuts, furloughs, and layoffs since Trump took office.
Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security.
He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@beritaja.com.