Until a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity and Infrastructure Security Agency (CISA) systems.
That’s according to cybersecurity reporter Brian Krebs, who first broke the news over the weekend, acting on a tip from researcher Guillaume Valadon at GitGuardian.
Valadon confirmed the information in an email interview with CSO.
Based on the repository’s commit history and the account creator’s own troubleshooting notes, committed back into the repo, Valadon believes the repository was run by a CISA contractor who created it on his personal GitHub account.
“This is a serious breach of security con...