Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

The US cybersecurity agency CISA may have survived a major security breach, thanks to a security researcher who discovered publicly disclosed information that allowed access to government clouds and internal agencies.
As first reported by freelance journalist Brian Krebs, GitGuardian security researcher Guillaume Valadon found the sensitive information written in spreadsheets, which were made public in a GitHub repository by a CISA contractor.
Valadon told Krebs that the leaked information was used to access CISA systems by its parent agency, the Department of Homeland Security. Valadon said the information includes login tokens, cloud keys, and other sensitive files. Valadon told Krebs that he tested some of the keys to make sure they were valid.
Valadon then reported the issue to Krebs because the CISA contractor who maintained the GitHub repository did not respond to his notices.
The security breach is particularly embarrassing for CISA because the US government agency is responsible for cyber security on federal networks. The organization also advises on best practices for online security, which include storing passwords in secure password managers and not on unsecured websites.
It is not known whether anyone obtained or used the information other than Valadon. When contacted by TechCrunch, a CISA spokesperson did not respond or say whether the agency has evidence of a breach stemming from this. TechCrunch asked if the agency has retracted and removed the information that was made public after the incident.
Although this happened to a CISA contractor employee, CISA is responsible for the security of the network and its systems, including contractors working for the agency.
CISA has been without a permanent director since January 20, 2025, when then-CISA director Jen Easterly stepped down before the start of the Trump administration. CISA has also lost approximately one third of its staff following cuts and layoffs since Trump took office.