CISA contractor exposed passwords on public GitHub

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- Brian Krebs reported in May that a security researcher at GitGuardian alerted him to exposed passwords stored in a publicly accessible GitHub repository.
- The repository was uploaded by an employee of a CISA contractor, making the exposure traceable back to a firm working for the US cybersecurity agency.
Why it matters: A contractor working for CISA, the federal lead on cybersecurity, was the source of the password exposure — a direct contradiction between the agency's public guidance on credential hygiene and the practices of its own contracted personnel.




