US cyber agency CISA exposed reams of passwords and cloud keys to the open web

A good-faith security researcher identified publicly exposed credentials that allowed access to U.S. cybersecurity agency CISA systems and those of its parent agency, the Department of Homeland Security. GitGuardian security researcher Guillaume Valadon found reams of exposed plaintext credentials listed in spreadsheets in a GitHub repository maintained Valadon reported the issue to Krebs after the contractor did not respond to alerts. CISA spokesperson Marco DiSandro said the agency is aware of the reported exposure and is continuing to investigate. DiSandro said there is no indication that any sensitive data was compromised as a result of this incident. CISA would not comment on whether it has seen evidence of a breach or has revoked and replaced the credentials. Although the lapse occurred with a contractor, CISA is responsible for the security of its network and systems, including those managed