Security · 2h ago
CISA Contractor Leaked AWS GovCloud Keys on GitHub for 6 Months
CISA's postmortem reveals a contractor exposed dozens of internal credentials, including AWS GovCloud keys, in a public GitHub repo for nearly six months before KrebsOnSecurity flagged it. The agency's delayed response highlights gaps in monitoring and incident handling. Experts urge security teams to tighten controls on third-party access and credential scanning.
Meridian48 take
The leak underscores how even top cybersecurity agencies struggle with basic credential hygiene and slow incident response.
cisa-leakgithub-credentials