Security researchers at GitGuardian have discovered login credentials for the US Cybersecurity and Infrastructure Security Agency (CISA).

On a public GitHub repository called “Private-CISA,” they found 844 MB of plaintext passwords, Amazon Web Services (AWS) tokens, and Entra ID SAML certificates belonging to CISA.

The repository also contained confidential information such as CI/CD build logs, Kubernetes manifests, Terraform infrastructure code, GitHub Actions workflows, internal documentation backups, and references to AWS accounts.

According to GitGuardian, the cybersecurity firm that discovered the login credentials on May 14th, the exposed material provided a detailed view into cloud infrastructure, deployment workflows, software supply-chain tooling, and internal operational practices.


“Personal documents, hostnames, and the careful organization of the files changed our minds. The repository was a catalog of unsafe practices: plaintext passwords, backups committed to Git, and explicit instructions to disable GitHub’s secret scanning,” the researchers said.

The classified information had been exposed since November 2025. When GitGuardian contacted CISA about the breach, the cybersecurity agency pulled the information offline within 26 hours.

“Currently, there is no indication that any sensitive data was compromised as a result of this incident. While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences,” a CISA spokesperson told cybersecurity expert Brian Krebs.

According to Krebs, the CISA repository was maintained by an employee named Nightwing, an alias for a government contractor based in Dulles, Virginia.

The security expert says the CISA repository contained easily guessed passwords for several internal resources. The passwords consisted of a platform’s name followed by the current year. Such practices pose a serious security threat to any organization, Krebs argues.

Due to a reorganization in February 2026, CISA has lost approximately one-third of its total workforce.

