Red Hat confirms major data breach after hackers claim mega haul

Crimson Collective breached Red Hat’s GitHub, stealing 570GB from 28,000 internal projects
Hackers claim to have stolen 800 Customer Engagement Records with sensitive infrastructure data
Red Hat confirmed breach but denied evidence of stolen CERs or impact on other services

Red Hat confirmed suffering a data breach, but did not verify hacker claims of stolen customer secrets.

Earlier this week, news broke that a hacking group called Crimson Collective accessed Red Hat’s private GitHub repositories, and exfiltrated approximately 570GB of different files from 28,000 internal projects. Among the files were 800 Customer Engagement Records (CER), as well.

These records are internal consulting documents that Red Hat created to support enterprise clients, and typically include detailed infrastructure information (network architecture, system configuration, etc), authentication and access data (credentials, access tokens, and more), and operational insights (recommendations, troubleshooting notes, and similar).

This makes them extremely valuable, since they can easily be leveraged in follow-up attacks.

Big names

In a statement shared with BleepingComputer, Red Hat confirmed the breach, but could not verify the claims of stolen CER files. At the same time, the hacking group told the publication that the attack happened roughly two weeks ago, and that the database contained authentication tokens, full database URIs, and other private information that can allegedly be used to access downstream customers.

They named at least a dozen heavy hitters, including Bank of America, T-Mobile, AT&T, Fidelity, Mayo Clinic, Walmart, the U.S. Navy’s Naval Surface Warfare Center, Federal Aviation Administration, and many more.

“Red Hat is aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps,” Red Hat told BleepingComputer. “The security and integrity of our systems and the data entrusted to us are our highest priority. At this time, we have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain.”

Crimson Collective tried to extort Red Hat for money, but ultimately failed, since the company kept replying with generic, templated replies, they said.