"Data from 28,000 internal projects at Red Hat has been stolen. The hacker group Crimson Collective claims to have stolen nearly 570GB of data. The stolen information is not only affecting Red Hat: BleepingComputer reports that customer data from around 800 Customer Engagement Reports has also been stolen. The hackers claim that the breach took place around two weeks ago. Customer Engagement Reports (CERs) are documents that contain infrastructure details, configuration data, authentication keys, and other sensitive customer information."
"According to the attackers, they found authentication keys, full database URIs, and other private information in the Red Hat code and CERs, which they allegedly used to gain access to downstream customer infrastructure. On Telegram, the hacker group published a complete directory listing of stolen GitHub repositories, along with a list of customer reports from the period 2020-2025. Confirmation of security incident Red Hat has confirmed the security incident but declined to comment on the attackers' specific claims regarding the GitHub repositories and customer reports."
Crimson Collective claims to have stolen nearly 570GB of data from 28,000 internal Red Hat projects, including around 800 Customer Engagement Reports. CERs contained infrastructure details, configuration data, authentication keys, and other sensitive customer information that could enable infiltration of customer networks. Attackers allege they found authentication keys and full database URIs in Red Hat code and CERs and used them to access downstream customer infrastructure. The group published a directory listing of stolen GitHub repositories and a customer report list from 2020–2025. Red Hat confirmed the security incident, declined to comment on specific claims, and stated confidence in the integrity of its software supply chain. The CER list includes major organizations across sectors.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]