US Cyber-Defense Agency Accidentally Leaked Its Own Secrets on Public GitHub

Security researchers at GitGuardian stumbled upon a public GitHub repository ironically named "Private-CISA". Inside, they found 844 megabytes of highly sensitive data belonging directly to the Cybersecurity and Infrastructure Security Agency (CISA).

The leak was so cartoonishly obvious that the researchers initially thought it was a honeypot or a bad joke. The repository contained folders with ridiculously straightforward names like "Important-AWS-Tokens", "Kubernetes-Important-Yaml-Files", and even "AWS-Workspace-Firefox-Passwords". It is almost as if a tired intern was trying to make a hacker's job as effortless as possible.

But the data turned out to be entirely authentic. The dump included Terraform infrastructure code, ArgoCD files, Kubernetes manifests, and raw CI/CD build logs. Effectively, it provided a complete blueprint of CISA's internal cloud setup, along with direct pathways and AWS IAM identifiers to wander right in.

The cleanup wasn't exactly instant either. The researchers discovered the repository and flagged it via CERT/CC on May 14, but they had to spend the next day desperately trying to reach someone at the agency who actually checked their inbox. By the time CISA finally shut down the public repository on May 15, the crown jewels of US cyber defense had been sitting open to the public for 26 hours.

When the very people hired to shield a superpower from state-sponsored hackers leave their master keys in a folder named "Important-AWS-Tokens", it really puts those mandatory corporate password-change emails into perspective. If this is the gold standard of government cyber defense, the bad guys do not even need to write exploits anymore—they just need a basic search bar.

Source: GitGuardian