ZDNET's key takeaways
- Hackers have broken into Red Hat's private GitLab repositories.
- Some Red Hat Consulting customers' information appears to have been stolen.
- How serious this breach is remains an open question.

A security breach will occur in every company's life. This time, it's Linux and cloud powerhouse Red Hat's turn. A newly surfaced cybercrime group calling itself Crimson Collective (also known as Eye Of Providence) claimed responsibility for breaching Red Hat's private GitLab repositories and stealing customer information and confidential source code.

The group made the claim late Thursday on Telegram, posting screenshots allegedly showing directory listings from internal Red Hat projects. Red Hat has confirmed the breach.

Red Hat stated: "We recently detected unauthorized access to a GitLab instance used for internal Red Hat Consulting collaboration in select engagements. We promptly launched a thorough investigation, removed the unauthorized party's access, isolated the instance, and contacted the appropriate authorities. Our investigation, which is ongoing, found that an unauthorized third party had accessed and copied some data from this instance."

The hackers claim to have swiped almost 570GB of data from 28,000 internal development repositories. This data allegedly includes approximately 800 Customer Engagement Reports (CERs). Red Hat CERs are detailed documents from Red Hat's consulting services that contain sensitive information about client environments, such as architecture diagrams, network configurations, and authentication tokens. Armed with this data, the group claims it can break into the downstream customer infrastructure.

Are downstream customers vulnerable?
Red Hat's reply to that claim: "The compromised GitLab instance housed consulting engagement data, which may include, for example, Red Hat's project specifications, example code snippets, and internal communications about consulting services. This GitLab instance typically does not contain sensitive personal data. While our analysis remains ongoing, we have not identified sensitive personal data within the impacted data at this time."

The group said it obtained CERs from companies such as AT&T, Bank of America, and Fidelity, and government agencies, including the US Navy's Naval Surface Warfare Center, the Federal Aviation Administration, and the US House of Representatives.

In response, Red Hat reiterated that this hack had only affected Red Hat Consulting customers. "At this time, we have no reason to believe this security issue impacts any of our other Red Hat services or products, including our software supply chain or downloading Red Hat software from official channels."

If you're not a Red Hat Consulting customer, Red Hat assures all its other customers and users that "there is currently no evidence that you have been affected by this incident." Red Hat said it was "aware of claims being circulated online" and that "security teams are actively reviewing the matter."

While GitLab software is involved, this security breach is entirely Red Hat's problem, not GitLab's. In a statement, GitLab said, "There has been no breach of GitLab's managed systems or infrastructure. GitLab remains secure and unaffected. The incident refers to Red Hat's self-managed instance of GitLab Community Edition, our free open-core offering." The companies that deploy GitLab Community Edition are responsible for securing it; GitLab is not.
Crimson Collective claims to have siphoned "tens of gigabytes" of data from Red Hat's self-hosted GitLab instance, including unreleased projects and security-related tools. No source code samples have appeared on leak sites, so these claims remain unverified.

In addition, since all of Red Hat's software and services are based on open-source code, it's hard to imagine how accessing its code could present any danger. Proprietary code from, say, Apple or Microsoft, would be another story. But all Red Hat Enterprise Linux (RHEL) code is already out there in Fedora and CentOS Stream. We already know exactly what's in RHEL's recipe and how it's baked.

Still, this breach of Red Hat customers' data damages the company's reputation. In the last two years, more companies have become worried about open-source supply chain security issues.

As of late Friday, Red Hat had not provided further updates on how serious Crimson Collective's claims are. After all, cybercrime groups often exaggerate or fabricate breaches to gain attention. There's no question that there's been a breach, but how serious it is remains an open question.