Red Hat confirms security incident after hackers breach GitLab instance
pSonicWall Firewall configs stolen for all cloud backup customersppNew FileFix attack uses cache smuggling to evade security softwareppHackers claim Discord breach exposed data of 55 million usersppGoogles new AI bug bounty program pays up to 30000 for flawsppFake Inflation Refund texts target New Yorkers in new scamppGet your first year of Sams Club membership for 15 MSRP 50ppSpain dismantles GXC Team cybercrime syndicate arrests leaderppGet a refurbished Lenovo Chromebook in this 70 dealppHow to access the Dark Web using the Tor BrowserppHow to enable Kernelmode Hardwareenforced Stack Protection in Windows 11ppHow to use the Windows Registry EditorppHow to backup and restore the Windows RegistryppHow to start Windows in Safe ModeppHow to remove a Trojan Virus Worm or other MalwareppHow to show hidden files in Windows 7ppHow to see hidden files in WindowsppRemove the Theonlinesearchcom Search RedirectppRemove the Smartwebfindercom Search RedirectppHow to remove the PBlock adware browser extensionppRemove the Toksearchesxyz Search RedirectppRemove Security Tool and SecurityTool Uninstall GuideppHow to Remove WinFixer Virtumonde Msevents TrojanvundoppHow to remove Antivirus 2009 Uninstall InstructionsppHow to remove Google Redirects or the TDSS TDL3 or Alureon rootkit using TDSSKillerppLocky Ransomware Information Help Guide and FAQppCryptoLocker Ransomware Information Guide and FAQppCryptorBit and HowDecrypt Information Guide and FAQppCryptoDefense and HowDecrypt Ransomware Information Guide and FAQppQualys BrowserCheckppSTOPDecrypterppAuroraDecrypterppFilesLockerDecrypterppAdwCleanerppComboFixppRKillppJunkware Removal ToolppeLearningppIT Certification CoursesppGear GadgetsppSecurityppBest VPNsppHow to change IP addressppAccess the dark web safelyppBest VPN for YouTubeppppCorrection After publishing Red Hat confirmed that it was a breach of one of its GitLab instances and not GitHub Title and story updatedppAn extortion group calling itself the Crimson Collective claims to have stolen nearly 570GB of compressed data across 28000 internal development respositories belonging to Red Hat with the company confirming it was a breach of one of its GitLab instancesppThis data allegedly includes approximately 800 Customer Engagement Reports CERs which can contain sensitive information about a customers network and platformsppA CER is a consulting document prepared for clients that often contains infrastructure details configuration data authentication tokens and other information that could be abused to breach customer networksppRed Hat confirmed that it suffered a security incident related to its consulting business but would not verify any of the attackers claims regarding the stolen GitLab repositories and customer CERsppRed Hat is aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps Red Hat told BleepingComputerppThe security and integrity of our systems and the data entrusted to us are our highest priority At this time we have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chainppAfter publishing our story Red Hat confirmed that the security incident was a breach of its GitLab instance used solely for Red Hat Consulting on consulting engagements and not GitHubppWhile Red Hat did not respond to any further questions about the breach the hackers told BleepingComputer that the intrusion occurred approximately two weeks agoppThey allegedly found authentication tokens full database URIs and other private information in Red Hat code and CERs which they claimed to use to gain access to downstream customer infrastructureppThe hacking group also published a complete directory listing of the allegedly stolen GitLab repositories and a list of CERs from 2020 through 2025 on TelegramppThe directory listing of CERs include a wide range of sectors and well known organizations such as Bank of America TMobile ATT Fidelity Kaiser Mayo Clinic Walmart Costco the US Navys Naval Surface Warfare Center Federal Aviation Administration the House of Representatives and many othersppIf you have any information regarding this incident or any other undisclosed attacks you can contact us confidentially via Signal at 6469613731 or at tipsbleepingcomputercomppThe hackers stated that they attempted to contact Red Hat with an extortion demand but received no response other than a templated reply instructing them to submit a vulnerability report to their security teamppAccording to them the created ticket was repeatedly assigned to additional people including Red Hats legal and security staff membersppBleepingComputer sent Red Hat additional questions and we will update this story if we receive more informationppThe same group also claimed responsibility for briefly defacing Nintendos topic page last week to include contact information and links to their Telegram channelppFollowing our story Red Hat published a security update confirming that threat actors gained access to a GitLab instance used by its Consulting divisionppWe recently detected unauthorized access to a GitLab instance used for internal Red Hat Consulting collaboration in select engagements reads the Red Hat security updateppUpon detection we promptly launched a thorough investigation removed the unauthorized partys access isolated the instance and contacted the appropriate authorities Our investigation which is ongoing found that an unauthorized third party had accessed and copied some data from this instanceppWe have now implemented additional hardening measures designed to help prevent further access and contain the issueppRed Hat emphasized that the GitLab instance is only used by its consulting division and the breach does not impact other Red Hat products or its supply chain including software downloaded from official channelsppThe company confirmed that the instance contained consulting engagement reports CERs which may include project specifications example code snippets and internal communications related to consulting services However Red Hat states that these reports typically do not contain personal information and none have been found during the investigationppThe company is now contacting impacted customers to share further information on what may have been exposedppSeparately GitLab informed BleepingComputer that its platform or accounts were not compromised emphasizing that the incident only affected Red Hats selfmanaged instance of GitLab Community Edition and that customers are responsible for securing these installationsppUpdate 10225 Story updated with correction from Red Hat that it was a GitLab instance that was breached and not a GitHub account
Update 10225 Added information from Red Hats official statementppJoin the Breach and Attack Simulation Summit and experience the future of security validation Hear from top experts and see how AIpowered BAS is transforming breach and attack simulationppDont miss the event that will shape the future of your security strategyppRed Hat data breach escalates as ShinyHunters joins extortionppDiscord discloses data breach after hackers steal support ticketsppCrimson Collective hackers target AWS cloud instances for data theftppElectronics giant Avnet confirms breach says stolen data unreadableppProcter Gamble confirms data theft via GoAnywhere zerodayppThis is very misleading this was a GitLab security incident not GitHubppWe have updated our story after receiving a statement from Red HatppNot a member yet Register NowppFBI takes down BreachForums portal used for Salesforce extortionppWindows 11 23H2 Home and Pro reach end of support in 30 daysppApple now offers 2 million for zeroclick RCE vulnerabilitiesppThe role of Artificial Intelligence in todays cybersecurity landscapeppMake the leapget certified with VMUG Advantage Start your career journey todayppJoin Huntress to discuss all things tradecraft in a monthly meeting of the technical mindsppRedefine security validation with Picus AIdriven Breach and Attack SimulationppSee how Material secures Gmail Drive with EDRstyle detection and rapid responseppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2025 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp
Update 10225 Added information from Red Hats official statementppJoin the Breach and Attack Simulation Summit and experience the future of security validation Hear from top experts and see how AIpowered BAS is transforming breach and attack simulationppDont miss the event that will shape the future of your security strategyppRed Hat data breach escalates as ShinyHunters joins extortionppDiscord discloses data breach after hackers steal support ticketsppCrimson Collective hackers target AWS cloud instances for data theftppElectronics giant Avnet confirms breach says stolen data unreadableppProcter Gamble confirms data theft via GoAnywhere zerodayppThis is very misleading this was a GitLab security incident not GitHubppWe have updated our story after receiving a statement from Red HatppNot a member yet Register NowppFBI takes down BreachForums portal used for Salesforce extortionppWindows 11 23H2 Home and Pro reach end of support in 30 daysppApple now offers 2 million for zeroclick RCE vulnerabilitiesppThe role of Artificial Intelligence in todays cybersecurity landscapeppMake the leapget certified with VMUG Advantage Start your career journey todayppJoin Huntress to discuss all things tradecraft in a monthly meeting of the technical mindsppRedefine security validation with Picus AIdriven Breach and Attack SimulationppSee how Material secures Gmail Drive with EDRstyle detection and rapid responseppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2025 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp
