Última hora
KR민주노총, '노란봉투법' 시행에도 원청 교섭 외면하자 15일 총파업 선포CN楊文科縣長「公假自費」赴中挨批 議員參選人質疑行程與防災CN2026“知东汇西:中美青年共话未来”活动在华盛顿启动CN巴黎检方调查巴拉圭参议员涉嫌歧视姆巴佩言论CN苏丹北科尔多凡州发生无人机袭击事件 至少15名平民丧生CN中法艺术家联合制作戏剧芭蕾《大鼻子情圣》在阿维尼翁首演ARمجلس الشؤون الاقتصادية والتنمية السعودي يؤكد مرونة الاقتصاد الوطني ويحتفي بتراجع وفيات الحوادث المروريةDEKI im deutschen Mittelstand: Schnelle Aufholjagd mit HürdenCN台語歌后陳盈潔失能現況引關注 專家籲關注長者失能評估關鍵6指標CN卓榮泰:台灣正舉辦「金融世界盃」,盼追趕新加坡成亞洲金融中心KR민주노총, '노란봉투법' 시행에도 원청 교섭 외면하자 15일 총파업 선포CN楊文科縣長「公假自費」赴中挨批 議員參選人質疑行程與防災CN2026“知东汇西:中美青年共话未来”活动在华盛顿启动CN巴黎检方调查巴拉圭参议员涉嫌歧视姆巴佩言论CN苏丹北科尔多凡州发生无人机袭击事件 至少15名平民丧生CN中法艺术家联合制作戏剧芭蕾《大鼻子情圣》在阿维尼翁首演ARمجلس الشؤون الاقتصادية والتنمية السعودي يؤكد مرونة الاقتصاد الوطني ويحتفي بتراجع وفيات الحوادث المروريةDEKI im deutschen Mittelstand: Schnelle Aufholjagd mit HürdenCN台語歌后陳盈潔失能現況引關注 專家籲關注長者失能評估關鍵6指標CN卓榮泰:台灣正舉辦「金融世界盃」,盼追趕新加坡成亞洲金融中心
Newsgather
BackGood-faith researcher prevents potential CISA breach by finding exposed credentials
Good-faith researcher prevents potential CISA breach by finding exposed credentials
En desarrollo
TechCrunch19.05.2026Tecnología2 dk okumaUnited States

Good-faith researcher prevents potential CISA breach by finding exposed credentials

En resumen

  • A security researcher discovered publicly exposed credentials for CISA and DHS systems on GitHub, potentially averting a major breach.
  • The credentials were left by a contractor's employee.
  • CISA is investigating.

Resumen generado por IA

Por qué importa

A security researcher discovered publicly exposed credentials for CISA and its parent agency, DHS, on GitHub. The credentials were left by an employee of a CISA contractor. The researcher reported the issue after the contractor did not respond to alerts. CISA is responsible for U.S. federal cybersecurity.

Tamaño de fuente

U.S. cybersecurity agency CISA may have escaped a sizable security breach, thanks to a good-faith security researcher who identified publicly exposed credentials that allowed access to government cloud and internal agency systems.

As first reported by independent security reporter Brian Krebs, GitGuardian security researcher Guillaume Valadon found reams of exposed plaintext credentials listed in spreadsheets, which had been made publicly accessible in a GitHub repository by an employee working for a CISA contractor.

Valadon told Krebs that the exposed credentials were used for accessing systems belonging to CISA and its parent agency, the Department of Homeland Security. Valadon said the credentials included access tokens, cloud keys, and other sensitive files. Valadon told Krebs that he tested some of the keys to verify that they were valid.

He then reported the lapse to Krebs because the CISA contractor who maintained the GitHub environment did not respond to their alerts.

The security lapse is particularly embarrassing for CISA because the U.S. government agency is responsible for cybersecurity across the civilian federal network. The organization also advises on best cybersecurity practices, which includes storing passwords in secured password managers and not in unprotected spreadsheets.

It’s not clear if anyone found or used the credentials other than Valadon. When reached by TechCrunch, CISA spokesperson Marco di Sandro said the agency is “aware of the reported exposure and is continuing to investigate the situation,” and that there is “no indication that any sensitive data was compromised as a result of this incident.”

CISA would not say if the agency has seen any evidence of a breach stemming from this exposure. TechCrunch asked if the agency has revoked and replaced the exposed credentials following the incident.

While the incident was traced back to an employee working for a CISA contractor, CISA is ultimately responsible for the security of its own network and systems, including contractors who work for the agency.

CISA has been without a permanent director since January 20, 2025, when then-CISA director Jen Easterly stepped down ahead of the start of the incoming Trump administration. CISA has also lost about a third of its workforce following cuts, furloughs, and layoffs since Trump took office.

Updated with comment from CISA.

Preguntas abiertas

  • Was any sensitive data compromised?
  • Have the exposed credentials been revoked and replaced?
  • What specific systems were accessed by the exposed credentials?
  • What are the implications for the CISA contractor?

Temas relacionados

This article was originally published by TechCrunch.

Noticias relacionadas

Más sobre este temacybersecurity