Dispatch
CISA Contractor Leaked AWS GovCloud Keys, SSH Keys, and Plaintext Passwords on Public GitHub Repo for 6 Months
A CISA contractor (Nightwing) maintained a public repo named 'Private-CISA' containing 844 MB of plaintext passwords, AWS GovCloud tokens, Entra ID SAML certificates, and SSH keys — exposed since November 2025. GitGuardian discovered it May 14; CISA pulled it within 26 hours, but exposed AWS keys remained valid for another 48 hours. GitHub's secret scanning was deliberately disabled on the repo, and files were literally named 'importantAWStokens'.
↳ Follow the thread