Red Hat’s GitLab Repository Breached—Security Investigation Ongoing
In the lifecycle of any enterprise, security breaches are an unfortunate inevitability. This time, the target was Red Hat, a major player in the Linux and cloud computing sectors.
A new cybercrime group calling itself Crimson Collective (also known as Eye of Providence) has claimed responsibility for infiltrating Red Hat’s private GitLab repository and stealing customer information along with confidential source code.
The group announced the breach late on October 2 (US time) via Telegram, posting screenshots purportedly showing directory listings of Red Hat’s internal projects. Red Hat has confirmed the breach occurred.

Red Hat’s Official Statement
Red Hat issued the following statement:
“We recently detected unauthorized access to a GitLab instance that was used for internal collaboration on certain consulting engagements. We immediately launched a thorough investigation, removed the unauthorized access, isolated the instance, and contacted the appropriate authorities. Our ongoing investigation has determined that an unauthorized third party accessed and copied some data from this instance.”
Scale of the Alleged Data Theft
The hackers claim to have extracted approximately 570GB of data from 28,000 internal development repositories, allegedly including around 800 Customer Engagement Reports (CERs).
CERs are detailed documents produced by Red Hat’s consulting services that contain sensitive information about client environments, including architecture diagrams, network configurations, and authentication tokens. The group claims this data could enable infiltration of customer infrastructure.
Red Hat responded to these claims as follows: “The compromised GitLab instance contained consulting engagement data, such as Red Hat project specifications, example code snippets, and internal communications related to consulting services. This GitLab instance typically does not contain highly sensitive personal information. While our analysis continues, we have not identified highly sensitive personal information in the affected data at this time.”
Affected Organizations
The group claims to have obtained CERs related to major corporations including AT&T, Bank of America, and Fidelity, as well as government agencies such as the US Navy’s Naval Surface Warfare Center, the Federal Aviation Administration, and the US House of Representatives.
In response, Red Hat emphasized that the breach affected only Red Hat Consulting customers. “At this time, we have no reason to believe this security issue impacts our other Red Hat services or products, such as our software supply chain or downloads of Red Hat software from official channels.”
For customers and users who are not Red Hat Consulting customers, Red Hat stated clearly that “at this time, we have confirmed no evidence of impact from this incident.” The company acknowledged it is “aware of claims circulating online” and explained that its “security team is actively investigating this matter.”
GitLab Not at Fault
While GitLab software was involved, this security breach is entirely a Red Hat issue, not a GitLab problem. GitLab stated: “There has been no breach of GitLab-managed systems or infrastructure. GitLab remains secure and unaffected. This incident concerns an instance of GitLab Community Edition—our free, open-core offering—that Red Hat self-manages.”
Unverified Claims
Crimson Collective claims to have extracted massive amounts of data, including unreleased projects and security-related tools, from Red Hat’s self-hosted GitLab instance. However, these claims remain unverified as no source code samples have appeared on information leak sites.
Furthermore, since Red Hat’s software and services are based on open-source code, access to that code is unlikely to pose significant danger. Unlike proprietary code from companies like Apple or Microsoft, the code for Red Hat Enterprise Linux (RHEL) is already publicly available through Fedora and CentOS Stream. In other words, what RHEL contains and how it’s built is already precisely known.
Reputational Impact
Nevertheless, this customer data breach damages the company’s reputation. This impact cannot be ignored, especially given that concerns about open-source supply chain security have increased among enterprises over the past two years.
As of October 3, when this article was written, Red Hat had not provided further updates on how serious Crimson Collective’s claims actually are. Ultimately, cybercrime groups often exaggerate or fabricate breaches to gain attention. While there’s no doubt a breach occurred, the severity remains an unresolved question.