6 views 30 secs 0 comments

Red Hat Confirms GitLab Instance Hack, Data Theft

In Cyberattack, News
October 06, 2025
Red Hat Confirms GitLab Instance Hack, Data Theft

Security Week reports:

Red Hat on Thursday confirmed that one of its GitLab instances was hacked after a threat actor claimed to have stolen sensitive data belonging to the company and its customers. 

It was initially reported that the hackers had targeted a GitHub instance, but the enterprise software giant clarified that it was actually a GitLab instance, specifically one used by the Red Hat Consulting team. 

The hackers, calling themselves Crimson Collective, claimed to have stolen 570 Gb of compressed data from 28,000 private repositories. The obtained data allegedly includes source code, credentials, secrets, and configurations, as well as customer engagement reports (CERs).

The attackers also claimed to have used the compromised information to gain access to Red Hat customers’ infrastructure.

Read more at SecurityWeek.

In a development on Sunday, a listing for the data appeared on a new leak site by ScatteredLAPSUS$Hunters, indicating that Crimson Collective had joined with Scattered et al. in trying to extort Red Hat or its clients. The Red Hat is unrelated to the Salesforce and Salesloft Drift campaigns by the ScatteredLAPSUS$Hunters group.