
Swede

(40,070 posts)
Tue May 19, 2026, 09:31 AM 8 hrs ago

CISA exposes files representing an egregious government data leak. Big oops.

Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.


Reset America (@reset-america.bsky.social) 2026-05-19T13:24:08.419Z


LearnedHand

(5,600 posts)
1. Jesus H Christ on a cracker!
Tue May 19, 2026, 10:25 AM
7 hrs ago

I honestly don’t understand this. Government IT environments typically don’t let you choose your own passwords — ESPECIALLY for privileged access — and they enforce random, complex passwords that are forced to change frequently. In addition, they typically require a hardware-based access key or token. And CISA is the federal agency charged with ensuring government systems are secure????

Kid Berwyn

(25,091 posts)
2. US Cybersecurity Agency leaves digital passwords stored in plain text.
Tue May 19, 2026, 12:13 PM
5 hrs ago
‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub

Passwords were stored as plain text in a public GitHub repository.


by Mike Pearl
Gizmodo, May 18, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been leaving the digital keys to its own cloud storage accounts sitting out in the open, in plain text form, for some unknown amount of time, according to a report from Krebs on Security. The problem finally got fixed over the weekend, the report says.

Surely the secret information was buried in some obscure folder with an inscrutable name, I hear you saying. The repository was reportedly named “Private-CISA.”

But there’s no way the contents were that sensitive, you object. But the contents included passwords, keys, and tokens—and the passwords were plain text in a .CSV file.

CISA gave a statement to Krebs, saying the following:

“Currently, there is no indication that any sensitive data was compromised as a result of this incident[…] While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences.”

Since the repository was created in November of last year, the duration of the vulnerability seems to have been about six months—but it could have been much shorter depending on what information was added when.

Continues...

https://gizmodo.com/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330

Thanks, Putin.

OldBoss

(88 posts)
3. Woopsie! ...
Tue May 19, 2026, 04:59 PM
1 hr ago

This event is being excoriated in cyber security channels today.

Here’s a more technical article …

CISA Admin Leaked AWS GovCloud Keys on Github
https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/#more-73607

Since January 2025 CISA has not had a Director (only Acting Director) and DOGE slashed its funding and they lost 30% of their workforce. Gee what could go wrong??
