Guillaume Valadon found CISA login keys leaked on public GitHub
Technology
The US Cybersecurity and Infrastructure Security Agency (CISA) just made a pretty big mistake: sensitive login keys and access tokens ended up on a public GitHub page.
researcher Guillaume Valadon spotted the issue in spreadsheets uploaded by someone working for a CISA contractor, raising eyebrows about how such important info slipped through.
Valadon verified keys, alerted Brian Krebs
Valadon checked some of the keys and confirmed they were real, then reached out to cybersecurity journalist Brian Krebs when the contractor didn't respond.
These leaked credentials could let people into systems at both CISA and the Department of Homeland Security, which is a major slip-up for an agency meant to protect federal networks.