The leading US cybersecurity agency CISA left access keys to its cloud systems and internal networks exposed on the open internet due to a serious security oversight. This dangerous situation was discovered by GitGuardian security researcher Guillaume Valadon. He found unprotected spreadsheets uploaded by a CISA contractor employee in a GitHub repository. This is reported by Techcrunch.com reports .
According to Valadon, these files contained passwords, cloud keys, and secret tokens intended for accessing systems belonging to CISA and the Department of Homeland Security. After verifying the authenticity of this information, the researcher informed journalist Brian Krebs because the contractor company did not respond to warnings.
This incident is a major embarrassment for CISA, as this agency is responsible for ensuring the cybersecurity of US federal networks and providing recommendations to other organizations on secure password storage. It is currently unknown whether third parties have accessed this information.
CISA representatives declined to comment on the incident and did not provide information on whether any unauthorized access to the system occurred as a result of the data leak. Although the agency should take full responsibility for its own security, the organization has been without a permanent director since January and is facing serious difficulties due to staff shortages.
Read “Zamin” on Telegram!
