Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/briankrebs/statuses/116608340448629866">BrianKrebs (briankrebs@infosec.exchange)'s status on Thursday, 21-May-2026 04:25:04 JST</a><a href="https://infosec.exchange/@briankrebs" title="briankrebs@infosec.exchange"><img src="https://gnusocial.jp/avatar/21764-48-20231108132353.webp" width="48" height="48" alt="BrianKrebs" style="position: absolute; left: 0; top: 0;">BrianKrebs</a></section><article><p>Check it: Sen. Maggie Hassan (D-NH) is demanding answers from CISA and DHS over my reporting this week that a CISA contractor had published on GitHub a number of CISA AWS GovCloud keys and a ton of plaintext passwords, SSH keys, etc. for internal CISA resources.</p><p>ICYMI: </p><p><a href="https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/" rel="nofollow">https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/</a></p><p><a href="https://www.hassan.senate.gov/news/press-releases/senator-hassan-presses-for-answers-on-major-reported-data-leak-at-leading-cybersecurity-agency" rel="nofollow">https://www.hassan.senate.gov/news/press-releases/senator-hassan-presses-for-answers-on-major-reported-data-leak-at-leading-cybersecurity-agency</a></p><p><a href="https://infosec.exchange/tags/cisa" rel="tag">#cisa</a> <a href="https://infosec.exchange/tags/cybersecurity" rel="tag">#cybersecurity</a> <a href="https://infosec.exchange/tags/databreach" rel="tag">#databreach</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/6414244#notice-12627696">In conversation</a><time datetime="2026-05-21T04:25:04+09:00" title="Thursday, 21-May-2026 04:25:04 JST">about 8 days ago</time> <span>from <span><a href="https://infosec.exchange/@briankrebs/116608340448629866" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@briankrebs/116608340448629866">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/6098987">MAGGIE HASSAN ABOUT SERVICES NEWS CONTACT Q ( Newsierres
UNITED STATES SENATOR FOR NEW HAMPSHIRE J——
05.19.2026
Answers on Major Reported Data
Leak at Leading Cybersecurity
Hassan: “This reported incident raises serious questions about how such a security lapse could occur at the very
agency charged with helping to prevent cyber breaches”
WASHINGTON - U.S. Senator Maggie Hassan (D-NH), a senior member of the Senate Homeland Security
Committee, is pressing for answers following public reporting that a contractor for the Cybersecurity and
Infrastructure Security Agency (CISA) maintained lists of agency accounts and passwords on a public
database. Senator Hassan issued a request for an urgent classified briefing from the agency, which is part of
the Department of Homeland Security.
“This reported incident raises serious questions about how such a security lapse could occur at the very
agency charged with helping to prevent cyber breaches,” wrote Senator Hassan in her request. “This
reporting raises serious concerns regarding CISA’s internal policies and procedures at a time of significant
cybersecurity threats against U.S. critical infrastructure... The alleged data leak has also occurred against the
backdrop of major disruptions internally at CISA.”</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/608/334/268/532/032/original/0f56c047ed3a6bd6.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/608/334/268/532/032/original/0f56c047ed3a6bd6.png</a></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/6098988">A PDF of a letter frm Sen. Hassan to Nick Andersen, the acting director of CISA: I write to request an urgent classified briefing regarding public reporting that a contractor for the Cybersecurity and Infrastructure Security Agency (CISA) maintained lists of agency accounts and passwords on a public database.1 This reported incident raises serious questions about how such a security lapse could occur at the very agency charged with helping to prevent cyber breaches. According to a recent report from Krebs on Security, this leak included files that
detailed how CISA builds, tests, and deploys software internally in a folder called “PrivateCISA.”2 Exposed files reportedly included a file named “importantAWStokens,” with the administrative credentials to three Amazon Web Services (AWS) servers, and one named “AWS-Workspace-Firefox-Passwords.csv,” with plaintext usernames and passwords for multiple
internal systems.3 Security experts cited in recent reporting have described this security lapse as “one of the most egregious government data leaks in recent history.”4This reporting raises serious concerns regarding CISA’s internal policies and procedures at a time of significant cybersecurity threats against U.S. critical infrastructure.1 Brian Krebs, CISA Admin Leaked AWS GovCloud Keys on Github, Krebs on Security
(blog) (May 18, 2026) (krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-ongithub/).</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/608/357/179/484/950/original/1acdf7241bf633c1.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/608/357/179/484/950/original/1acdf7241bf633c1.png</a></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/6098989">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
BrianKrebs (briankrebs@infosec.exchange)'s status on Thursday, 21-May-2026 04:25:04 JST BrianKrebs
Check it: Sen. Maggie Hassan (D-NH) is demanding answers from CISA and DHS over my reporting this week that a CISA contractor had published on GitHub a number of CISA AWS GovCloud keys and a ton of plaintext passwords, SSH keys, etc. for internal CISA resources.
ICYMI:
https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
https://www.hassan.senate.gov/news/press-releases/senator-hassan-presses-for-answers-on-major-reported-data-leak-at-leading-cybersecurity-agency
#cisa #cybersecurity #databreach
In conversationabout 8 days ago from infosec.exchangepermalink
Attachments

Public

Embed Notice

HTML Code

Corresponding Notice