A security agency accidentally leaks important passwords. The incident is particularly embarrassing for the agency, as its task is to secure the civil federal network and explain to everyone else how to ensure their own security.
Which agency is it? CISA (the Cybersecurity and Infrastructure Security Agency) is the U.S. federal agency responsible for cybersecurity and infrastructure protection. It not only handles the government's own security issues but also supports companies and organizations with data protection and related topics.
In Germany, CISA is most comparable to the BSI, the Federal Office for Information Security, which pursues similar cybersecurity goals.
It is frustrating that this U.S. agency, which places such importance on security, has now apparently leaked its own important passwords.
Researcher Finds Massive Amounts of Credentials Unencrypted in a Spreadsheet
What kind of leak is this? Guillaume Valadon, a security researcher at GitGuardian, found massive amounts of credentials in plaintext within spreadsheets that an employee of a CISA contractor had left publicly accessible in a GitHub repository.
After reaching out to the agency and receiving no response, Valadon contacted security journalist Brian Krebs, who then published an article about the password leak on his blog.
Some of the passwords were still working, as the researcher found out after testing them. The problem was that the data reportedly included sensitive credentials that could have provided access to security systems of the Department of Homeland Security.
When asked by TechCrunch, a CISA spokesperson stated that the agency is “aware of the reported security vulnerability and is continuing to investigate the situation,” and that there are no indications that sensitive data was compromised as a result of this incident. The agency did not provide further comment. Whether anyone else had access to the data is also unknown.
Another example shows that security agencies can indeed be caught off guard. This incident happened to an agency in Japan. The organization that coordinates Japan’s cyber defense was itself the victim of a hacker attack over a period of nine months without noticing it: Japan established a cybersecurity agency – discovered 9 months later that it had been hacked