Attackers Hit a Pair of Red Hat's Open-Source Ceph Sites
Red Hat warns that that there was an intruder on the Ceph infrastructure, but few details are available from the ongoing investigation.The open-source Ceph distributed object store and file system has emerged in recent years as a popular component of cloud, particularly OpenStack, deployments. That popularity may have made Ceph an attractive target for attackers, as Red Hat warned on Sept. 17 that there was a breach on a pair of Ceph Websites. Red Hat—which last year acquired Inktank, the lead commercial sponsor of Ceph—identified both Ceph.com and Download.inktank.com as part of the attacker intrusion. "The Download.inktank.com host has been retired, and affected Red Hat customers have been notified," Ceph founder Sage Weil said. In its advisory, Red Hat stated: "To date, our investigation has not discovered any compromised code available for download on these sites. We cannot fully rule out the possibility that some compromised code was available for download at some point in the past."
It is not clear when the Ceph sites were breached, or what security controls were abused or misconfigured in order to enable the breach. A Red Hat spokesperson told eWEEK that the company cannot provide additional detail beyond its public advisory as the situation is an ongoing incident investigation.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.