Red Hat Confirms GitLab Breach After Hackers Steal 570 GB of Data
Open-source software giant Red Hat has confirmed a security incident after a ransomware group known as Crimson Collective successfully breached its internal GitLab server. According to the company, the attack resulted in the theft of roughly 570 GB of data from over 28 000 repositories.
Attack and Data Exposure
The threat actors claim they gained access to authentication tokens and private keys, which allowed them to penetrate both internal and some client-facing infrastructure. Preliminary reports suggest that no production or customer services have been compromised, though investigators are still assessing the scope of the leak.
Crimson Collective — a group previously linked to attacks on software vendors and DevOps platforms — claims responsibility for the incident and has allegedly offered samples of stolen data on darknet forums.
Company Response and Containment
Red Hat has launched an internal investigation and temporarily restricted external access to the affected GitLab instance. The company is collaborating with cybersecurity partners and law enforcement to contain the breach and prevent further data exfiltration.
In an official statement, Red Hat said that the breach “originated from a self-hosted GitLab Community Edition instance used for non-production development.” The main GitLab platform and customer data remain unaffected.
GitLab and Community Impact
GitLab has confirmed that its core cloud service was not impacted by the incident, reiterating that the attack targeted only a privately managed server. Security analysts warn, however, that source-code leaks of this magnitude can pose long-term risks to software integrity and supply-chain security.
Developers using Red Hat’s ecosystem have been advised to rotate API keys and access tokens as a precaution while monitoring repositories for unauthorized commits or dependencies.
Conclusion
The Red Hat breach highlights ongoing vulnerabilities in self-hosted DevOps infrastructure and the increasing sophistication of ransomware actors targeting open-source software supply chains. As Red Hat strengthens its defenses, the incident serves as a reminder of the need for continuous security audits and zero-trust policies in developer operations.
Editorial Team — CoinBotLab