Red Hat confirms major data breach after hackers claim mega haul

(Image credit: Red Hat)

Crimson Collective breached Red Hat’s GitHub, stealing 570GB from 28,000 internal projects
Hackers claim to have stolen 800 Customer Engagement Records with sensitive infrastructure data
Red Hat confirmed breach but denied evidence of stolen CERs or impact on other services

Red Hat has confirmed suffering a potentially serious data breach, but the company said it was not able to verify hacker claims of stolen customer secrets.

A hacking group called Crimson Collective claims to have accessed Red Hat’s private GitHub repositories, and exfiltrated approximately 570GB of different files from 28,000 internal projects.

Among the files were 800 Customer Engagement Records (CER) - internal consulting documents that Red Hat created to support enterprise clients, and typically include detailed infrastructure information (network architecture, system configuration, etc), authentication and access data (credentials, access tokens, and more), and operational insights (recommendations, troubleshooting notes, and similar).

This makes them extremely valuable, since they can easily be leveraged in follow-up attacks.

Big names

In a statement shared with BleepingComputer, Red Hat confirmed the breach, but could not verify the claims of stolen CER files.

At the same time, the hacking group told the publication the attack happened roughly two weeks ago, and that the database contained authentication tokens, full database URIs, and other private information that can allegedly be used to access downstream customers.

They named at least a dozen heavy hitters, including Bank of America, T-Mobile, AT&T, Fidelity, Mayo Clinic, Walmart, the U.S. Navy’s Naval Surface Warfare Center, Federal Aviation Administration, and many more.

"Red Hat is aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps," Red Hat said.

"The security and integrity of our systems and the data entrusted to us are our highest priority. At this time, we have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain."

Crimson Collective tried to extort Red Hat for money, but ultimately failed, since the company kept replying with generic, templated replies, it said.

Several major Linux distros hit by serious Sudo security flaws
Take a look at our guide to the best authenticator app
We've rounded up the best password managers

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Big names

You might also like