
Government Cybersecurity Agency Accidentally Exposed Its Own Passwords Online
CISA, the agency responsible for protecting government computer systems, had employee passwords accidentally posted publicly on GitHub by a contractor.
Source
TechCrunch Security
Original headline: US cybersecurity agency CISA had to build its incident playbook during the incident, agency reveals
Plain-English summary by GetCyberRight. Read the full report at the source above.
The Cybersecurity and Infrastructure Security Agency, known as CISA, experienced an embarrassing security incident. An employee working for a CISA contractor accidentally uploaded passwords to a public location on GitHub, a website where programmers share code. A security researcher discovered the exposed passwords and reported them to cybersecurity journalist Brian Krebs in May. This forced CISA to respond to a breach of its own systems while it normally helps other agencies deal with their security problems. This incident primarily affected CISA employees and the government systems they use. Regular families and internet users were not directly impacted by this password exposure. However, the incident raises concerns about how well the agency tasked with protecting government cybersecurity can protect its own systems. CISA has revealed that it did not even have a proper incident response plan in place and had to build one while dealing with this breach. For most families, there is no immediate action required from this specific incident.
Your personal accounts were not exposed in this breach. However, this serves as an important reminder about password security.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
If you use GitHub or similar code sharing websites, make sure you never upload passwords, API keys, or other sensitive information to public repositories. Review any code or files before making them public. This incident highlights an important lesson for everyone. Even cybersecurity professionals make mistakes with password security.
This is why you should always use a password manager to generate and store unique passwords for every account. Never reuse passwords across different websites. Enable two factor authentication on all accounts that offer it, especially email, banking, and social media. If even government cybersecurity agencies can accidentally expose passwords, it can happen to anyone.
Curated from trusted cybersecurity sources by GetCyberRight
Source: TechCrunch SecurityStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

CISA Contractor Accidentally Exposed Passwords in Public Online Repository
An employee of a contractor working for the U.S. cybersecurity agency CISA accidentally uploaded passwords to a publicly accessible location on GitHub.
2 min readWhy Firmware Attacks Now Threaten Your Smart Home Devices
Six newly discovered vulnerabilities in common device firmware let attackers hide malware where your antivirus can't see it. Here's what families need to know.
3 min readRyuk Ransomware Criminal Faces 15 Years: What Families Need to Know
An Armenian hacker pleaded guilty to ransomware attacks on U.S. businesses. His arrest proves cybercriminals can be caught and prosecuted.
3 min readRansomware 'Middleman' Faces 15 Years: What Families Need to Know
A technical operator just pleaded guilty to deploying ransomware attacks. You don't need to be the mastermind to face federal charges.
3 min read