BrianKrebsMay 18

New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

Show threadBrianKrebsMay 18
It's possible this set of instructions by the CISA contractor might have caused all the trouble:
Show threadRihards OlupsMay 18
@briankrebs Where are these from? Didn’t see in the article.
Show threadBrianKrebsMay 18
@richlv from dude's exposed GitHub repo.
Show threadCityhallinMay 19
@briankrebs @richlv The most honeypot-like non-honeypot files I've ever seen.
Show threadMissConstrue

@cityhallin @briankrebs @richlv

Right? RIGHT?! If I had seen this repository, I would have assumed honeypot for stupid people. I mean HeresMyPasswords.txt, for the love of Bob. I know it wasn’t quite that bad, but yes it was. Jeezycreezy.

May 19 at 7:04pmWeb