America's Cybersecurity & Infrastructure Agency (CISA) faced a significant security breach after a GitHub repository containing sensitive credentials was left publicly accessible for months. The repository, named 'Private-CISA,' housed plaintext passwords, SSH private keys, tokens, and other critical assets.

Discovery and Exposure

Security researcher Brian Krebs highlighted the issue after being alerted by Guillaume Valadon of GitGuardian. Valadon discovered the repository through GitGuardian's public code scans and noted that GitHub's default protections against committing secrets, which are designed to prevent such exposures, had been disabled by the repository's administrator.

Implications for National Security

The exposure of these credentials poses a severe risk to national security, as they could be exploited by malicious actors to compromise CISA's infrastructure. The repository had been accessible since at least November 2025, and no response was received from the repository's owner when attempts were made to alert them.

This incident underscores the importance of stringent cybersecurity protocols and the need for continuous monitoring of digital assets to prevent unauthorized access.