U.S. cybersecurity agency CISA may have escaped a sizable security breach, thanks to a good-faith security researcher who identified publicly exposed credentials that allowed access to government cloud and internal agency systems.
As first reported by independent security reporter Brian Krebs, GitGuardian security researcher Guillaume Valadon found reams of exposed plaintext credentials listed in spreadsheets, which had been made publicly accessible in a GitHub repository by an employee working for a CISA contractor.
