Irony alert: Trump's top cybersecurity agency exposed its own passwords online

In a striking case of doing the opposite of what it's supposed to do, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) left its most sensitive digital passwords sitting in plain sight on the public internet for months.

Think of it like this: imagine the agency that's supposed to protect America's digital locks accidentally left all the keys to those locks sitting in a public park. And worse, the keys had labels on them that said exactly what doors they opened.

Someone working for a contractor hired by CISA used a website called GitHub (commonly used by computer programmers) to move work files home. Instead of using secure methods, they just uploaded everything — including passwords written out in plain text.

The folder was even named "Private-CISA," as if the label alone would keep it secret. It wasn't.

According to security experts, the exposed files contained administrative passwords to three major cloud servers and login credentials for dozens of internal systems. One file literally listed usernames and passwords in a spreadsheet.

An expert who specializes in finding exposed secrets online called it "the worst leak that I've witnessed in my career." The exposed access could have allowed hackers to break into the agency's most secure systems.

The folder was created in November and wasn't fixed until this month — meaning the passwords were publicly available for about six months.

CISA claims no one actually used these passwords to break in. But that's like leaving your house unlocked for six months and then saying it's okay because you don't think anyone went inside.

This disaster comes as CISA is already struggling. The agency has been described as chaotic and disorganized, with leadership positions unfilled. The Trump administration is also planning major budget cuts to the agency.

It's a stark irony: the government agency responsible for keeping America's digital infrastructure safe just proved it can't even keep its own passwords safe.

The CISA credential leak exposes broader systemic vulnerabilities within federal cybersecurity infrastructure. Security protocols require that sensitive credentials never be stored in unencrypted, plain-text formats, yet this fundamental principle was violated by a contractor employee using unsecured methods to transfer files.

The six-month window during which credentials remained exposed raises serious questions about CISA's internal monitoring and code repository scanning practices. Standard industry tools can automatically detect exposed secrets on GitHub, suggesting CISA either lacked such monitoring or failed to implement it effectively.

• george conway
• noam chomsky
• civil war
• Kayleigh mcenany
• Melania trump
• drudge report
• paul krugman
• Lindsey graham
• Lincoln project
• al franken bill maher
• People of praise
• Ivanka trump
• eric trump