CISA's Own Credentials Were Sitting on GitHub for Six Months
Episode Description
CISA -- the federal agency whose job it is to protect America's critical infrastructure -- had its own internal credentials sitting in a public GitHub repository for six months. Plain text passwords. AWS GovCloud keys. SSH access tokens. Visible to anyone on the internet with a browser.

What makes this worse: the contractor who created the repository didn't slip up accidentally. They actively disabled the default GitHub protections designed to prevent exactly this from happening. And when the repository finally came down, those AWS keys stayed valid for another 48 hours before anyone thought to revoke them.

Drex brings this back to the question every health system CISO should be sitting with: How many contractors have access to your most sensitive systems right now -- and if one of them made this choice six months ago, would you even know today?

Remember, Stay a Little Paranoid

LinkedIn: https://www.linkedin.com/company/ThisWeekHealth
Twitter: https://twitter.com/thisweekhealth
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer - https://www.alexslemonade.org/mypage/3173454
