# US cyber agency CISA exposed reams of passwords and cloud keys to the open web

_Friday, June 26, 2026 at 12:56 AM EDT · Cybersecurity · Latest · Tier 2 — Notable_

![US cyber agency CISA exposed reams of passwords and cloud keys to the open web — Primary](https://techcrunch.com/wp-content/uploads/2026/05/cisa-2240293485.jpg?resize=1200,800)

A good-faith security researcher identified publicly exposed credentials that allowed access to U.S. cybersecurity agency CISA systems and those of its parent agency, the Department of Homeland Security. GitGuardian security researcher Guillaume Valadon found reams of exposed plaintext credentials listed in spreadsheets in a GitHub repository maintained by an employee working for a CISA contractor, as first reported by independent security reporter Brian Krebs. Valadon tested some of the keys, which included access tokens and cloud keys, and confirmed they were valid.

Valadon reported the issue to Krebs after the contractor did not respond to alerts. CISA spokesperson Marco DiSandro said the agency is aware of the reported exposure and is continuing to investigate. DiSandro said there is no indication that any sensitive data was compromised as a result of this incident.

CISA would not comment on whether it has seen evidence of a breach or has revoked and replaced the credentials. Although the lapse occurred with a contractor, CISA is responsible for the security of its network and systems, including those managed by contractors. It is not clear if anyone other than Valadon found or used the credentials.

## Sources

- [TechCrunch](https://techcrunch.com/2026/05/19/us-cyber-agency-cisa-exposed-reams-of-passwords-and-cloud-keys-to-the-open-web/)

---
Canonical: https://techandbusiness.org/newswire/CeoAu2iFmluHtXciHyndNY
Retrieved: 2026-06-26T09:32:08.803Z
Publisher: Tech & Business (techandbusiness.org)