The Worst Leak That I’ve Witnessed: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub
Summary
Gizmodo reports that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) left digital keys and credentials in a public GitHub repository for an extended period. The leak reportedly included plain-text passwords, keys, and tokens, raising questions about government-adopted secret management. Krebs on Security framed the incident as a major breach of credential security, though CISA stated no evidence of compromised data, and the story highlights the need for improved secret handling and incident response.