
Red Hat Warns of Ceph Website Breach

Red Hat warned users on Thursday that it detected an intrusion on two websites related to Ceph, the company’s open source distributed storage platform.

According to the open source giant, which acquired Ceph developer Inktank in April 2014, the breach affects the websites ceph.com and download.inktank.com. Ceph.com offers downloads for Ceph community versions, while download.inktank.com provided releases of the Red Hat Ceph product for Ubuntu and CentOS.

The company has pointed out that the affected websites are hosted on a server outside of the Red Hat infrastructure. The investigation is ongoing, but so far there is no evidence that the code and binaries offered on the impacted websites have been compromised.

On the other hand, Red Hat says it cannot fully rule out the possibility that the files available for download at some point in the past had been altered. The company also believes the signing keys for Inktank and Ceph.com can no longer be trusted. As a result, the Ceph signing key has been replaced, and the Red Hat Ceph Storage products have been re-signed with standard Red Hat release keys.

“This intrusion did not affect other Ceph sites such as download.ceph.com (which contained some Ceph downloads) or git.ceph.com (which mirrors various source repositories), and is not known to have affected any other Ceph community infrastructure. There is no evidence that build systems or the Ceph github source repository were compromised,” reads a security notice posted on the Ceph website.

Customers of Red Hat Ceph Storage versions for CentOS and Ubuntu have been advised to download the newly signed product versions. Customers of Red Hat Ceph Storage for RHEL and other Red Hat products are not affected by the incident.

The ceph.com and download.ceph.com websites have been rebuilt and all the content hosted on them has been verified. Red Hat customers have been notified that the download.inktank.com host has been retired following the breach.

Red Hat noted that while the compromised system did not store customer data, it did hold usernames and password hashes used by customers for authenticating downloads.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
