CISA Admin Leaked AWS GovCloud Keys on Github

**TL;DR:** CISA Admin Leaked AWS GovCloud Keys on Github

---

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history. On May 15, KrebsOnSecurity heard from Guillaume Valadon , a researcher with the security firm GitGuardian .

Valadon’s company constantly scans public code repositories at GitHub and elsewhere for exposed secrets, automatically alerting the offending accounts of any apparent sensitive data exposures. Valadon said he reached out because the owner in this case wasn’t responding and the information exposed was highly sensitive. A redacted screenshot of the now-defunct “Private CISA” repository maintained by a CISA contractor. The GitHub repository that Valadon flagged was named “ Private-CISA ,” and it harbored a vast number of internal CISA/DHS credentials and files, including cloud keys

Source: Krebs on Security

Security headlines need a calm read: who is affected, what is confirmed, and whether there is a realistic mitigation for normal users.

Readers should treat early numbers and unnamed claims cautiously. The durable story is usually confirmed in docs, filings, or follow-up reporting.

Track whether the story affects total cost of ownership: subscriptions, compatibility, downtime risk, or support burden.

1) Treat unconfirmed claims as provisional. 2) Check official statements before changing security or spending decisions. 3) Save links and dates so you can verify updates later.

**Q: Is everything in this article confirmed?** A: The summary reflects publicly reported information at publication time. Analysis sections are clearly framed as context, not new reporting.

**Q: Will iByte update this page?** A: Yes. As primary sources publish more detail, this article can be refreshed without changing the URL.

Last updated: June 16, 2026.

Additional context: early-cycle stories often look bigger in headlines than in day-to-day impact. The useful move is to identify the smallest set of facts that would change your decision, then wait for those facts to land.

Additional context: early-cycle stories often look bigger in headlines than in day-to-day impact. The useful move is to identify the smallest set of facts that would change your decision, then wait for those facts to land.

Additional context: early-cycle stories often look bigger in headlines than in day-to-day impact. The useful move is to identify the smallest set of facts that would change your decision, then wait for those facts to land.