America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames
Summary
A GitHub repository managed by a top US cyber-defense agency was found to be publicly accessible and to contain sensitive credentials such as passwords, API keys, and tokens. The repository's filenames were described as "incredibly obvious," indicating a potential oversight in security practices.
IFF Assessment
The accidental exposure of sensitive credentials by a cyber-defense agency represents a significant security lapse that could be exploited by adversaries.
Defender Context
This incident highlights the critical importance of secure repository management and access controls, even for organizations tasked with national cyber defense. Defenders should review their own code repositories for unintended exposure of secrets and implement robust secrets management strategies to prevent similar incidents.
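One way to run the repository review described above is sketched below. This is an added example, not code from the agency or the original report. The filename hints, the rule names, and the sample tree with its fake values are assumptions made for illustration. The scan flags both "obvious" filenames and credential-shaped strings inside files.

```python
import re
import tempfile
from pathlib import Path

# Filename hints (assumed list; tune it for your own repositories).
NAME_RULE = re.compile(r"(passw|secret|token|credential|\.pem$|\.env$|id_rsa)", re.I)
# Content rules: well-known credential formats plus a generic assignment.
CONTENT_RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "password-assignment": re.compile(r"(?i)\b(?:password|passwd|api_key)\s*[:=]\s*\S{6,}"),
}

def scan_tree(root):
    """Return sorted (relative_path, line_no, rule) findings; line_no 0 is a filename hit."""
    findings = []
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root)
        if ".git" in rel.parts or not path.is_file():
            continue  # skip git internals and directories
        if NAME_RULE.search(path.name):
            findings.append((rel.as_posix(), 0, "suspicious-filename"))
        text = path.read_text(encoding="utf-8", errors="ignore")
        for no, line in enumerate(text.splitlines(), 1):
            for rule, rx in CONTENT_RULES.items():
                if rx.search(line):
                    findings.append((rel.as_posix(), no, rule))  # location only, never the value
    return sorted(findings)

def demo():
    """Build a constructed sample tree (fake values only) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "README.md": "Deployment notes\n",
            "passwords.txt": "db password = hunter2hunter2\n",
            "deploy/config.yml": "region: us-east-1\nkey: AKIA" + "A" * 16 + "\n",
            "ci/run.sh": "export GH=ghp_" + "b" * 36 + "\n",
        }
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(root)

if __name__ == "__main__":
    for rel, no, rule in demo():
        print(f"{rel}:{no}: {rule}")
```

This scans only the current working tree; secrets that were committed and later deleted remain in git history and need a history-aware scan plus credential rotation.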