
Grafana Labs source code stolen, refuses to pay hacker ransom

Summary

– Grafana Labs confirmed it was hacked via a stolen GitLab token, which allowed attackers to access source code repositories but not customer or financial data.
– The company invalidated the compromised token and implemented additional security measures to prevent future incidents.
– Hackers attempted to blackmail Grafana Labs, demanding payment to prevent the release of its codebase, but the company refused to pay.
– Grafana’s code is mostly open source and publicly available, making it unclear if any proprietary data was stolen.
– The company cited FBI advice against paying ransoms, contrasting with Instructure, which paid hackers to prevent data release.

Grafana Labs, the company behind the widely used open source web visualization software, has confirmed a security breach but stated it will not comply with the hackers’ ransom demands. The attackers threatened to release the company’s codebase unless payment was made.

According to a series of social media posts from Grafana Labs, an investigation revealed that the hackers used a stolen token credential to gain entry into the company’s GitLab environment, the platform used for code development. While this token did not expose customer records or financial data, it did allow the intruders to access the company’s source code repositories. In response, Grafana has since revoked the compromised token and implemented additional security measures to prevent a similar incident in the future.
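The breach described above turned on a single stolen GitLab token that was valid, repository-capable, and apparently not noticed until it was used. The script below is an added example (not Grafana Labs’ or GitLab’s own code) of the kind of token inventory check a defender would run after such an incident: it triages personal-access-token records for the properties that make a stolen token dangerous (repository scopes with no expiry, the full `api` scope, long-unused tokens) and produces a revocation list. It assumes records shaped like the output of GitLab’s admin-only `GET /api/v4/personal_access_tokens` endpoint; the sample records, the 90-day staleness threshold and the instance URL placeholder are constructed for the demo, and the fetch/revoke helpers are shown but not called.

```python
"""Triage a GitLab personal-access-token inventory for tokens worth revoking.

Added example, not code from the article or from Grafana Labs / GitLab.
Assumes token records with the fields GitLab returns from the admin-only
GET /api/v4/personal_access_tokens endpoint (id, name, scopes, active,
revoked, created_at, expires_at, last_used_at). SAMPLE_TOKENS below are
constructed for the demonstration.
"""
from __future__ import annotations

import json
import urllib.request
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Scopes that grant read or write access to repository contents.
REPO_SCOPES = {"api", "read_api", "read_repository", "write_repository"}
STALE_AFTER = timedelta(days=90)  # assumed policy threshold, not from the article

# Fixed "now" so the demo is deterministic.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)

# Constructed sample inventory (four tokens, one already revoked).
SAMPLE_TOKENS = [
    {"id": 101, "name": "ci-deploy", "scopes": ["read_repository"], "active": True,
     "revoked": False, "created_at": "2025-01-10T09:00:00Z",
     "expires_at": "2026-06-01", "last_used_at": "2025-05-30T12:00:00Z"},
    {"id": 102, "name": "legacy-sync", "scopes": ["api"], "active": True,
     "revoked": False, "created_at": "2023-02-01T00:00:00Z",
     "expires_at": None, "last_used_at": "2024-11-01T00:00:00Z"},
    {"id": 103, "name": "old-laptop", "scopes": ["read_repository", "write_repository"],
     "active": True, "revoked": False, "created_at": "2024-04-01T00:00:00Z",
     "expires_at": None, "last_used_at": None},
    {"id": 104, "name": "retired", "scopes": ["api"], "active": False,
     "revoked": True, "created_at": "2022-01-01T00:00:00Z",
     "expires_at": None, "last_used_at": "2022-03-01T00:00:00Z"},
]


@dataclass
class Finding:
    token_id: int
    name: str
    reasons: list[str]


def _parse_ts(value: str | None) -> datetime | None:
    """Parse GitLab ISO 8601 values; bare dates (expires_at) are treated as UTC."""
    if not value:
        return None
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def triage_tokens(records: list[dict], now: datetime = NOW) -> list[Finding]:
    """Return one Finding per live token that has a risky property."""
    findings: list[Finding] = []
    cutoff = now - STALE_AFTER
    for rec in records:
        if rec.get("revoked") or not rec.get("active", True):
            continue  # already dead; nothing to revoke
        reasons: list[str] = []
        scopes = set(rec.get("scopes", []))
        expires = _parse_ts(rec.get("expires_at"))
        last_used = _parse_ts(rec.get("last_used_at"))
        created = _parse_ts(rec["created_at"])
        if scopes & REPO_SCOPES and expires is None:
            reasons.append("repository-capable token with no expiry")
        if last_used is None and created is not None and created < cutoff:
            reasons.append("never used since creation more than 90 days ago")
        elif last_used is not None and last_used < cutoff:
            reasons.append("unused for more than 90 days")
        if "api" in scopes:
            reasons.append("full 'api' scope (broader than repository access)")
        if reasons:
            findings.append(Finding(rec["id"], rec["name"], reasons))
    return findings


def revocation_plan(findings: list[Finding]) -> list[int]:
    """Token ids to revoke, in inventory order."""
    return [f.token_id for f in findings]


def fetch_tokens(base_url: str, admin_token: str) -> list[dict]:
    """Pull the live inventory (requires an admin token). Not called in the demo."""
    req = urllib.request.Request(f"{base_url}/api/v4/personal_access_tokens?per_page=100",
                                 headers={"PRIVATE-TOKEN": admin_token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def revoke_token(base_url: str, admin_token: str, token_id: int) -> None:
    """Revoke one token via DELETE /api/v4/personal_access_tokens/:id. Not called here."""
    req = urllib.request.Request(f"{base_url}/api/v4/personal_access_tokens/{token_id}",
                                 headers={"PRIVATE-TOKEN": admin_token}, method="DELETE")
    urllib.request.urlopen(req).close()


if __name__ == "__main__":
    # Offline demo against the constructed inventory; BASE_URL is a placeholder.
    BASE_URL = "https://gitlab.example.invalid"
    for f in triage_tokens(SAMPLE_TOKENS):
        print(f"token {f.token_id} ({f.name}): " + "; ".join(f.reasons))
    print("would revoke:", revocation_plan(triage_tokens(SAMPLE_TOKENS)))
```

Run as-is it works only on the embedded sample records and prints the two tokens that should be revoked (ids 102 and 103); wiring `fetch_tokens` and `revoke_token` to a real instance needs an admin token and should be paired with an expiry policy so that newly issued tokens do not reappear in the next sweep.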

“The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase,” the company stated publicly.

Much of Grafana’s code is open source and publicly available, meaning anyone can download, modify, and run the software on their own systems. It remains unclear whether any proprietary or sensitive information was among the stolen files. A company spokesperson did not immediately respond to a request for further comment.

This incident stands in stark contrast to the recent breach at education technology giant Instructure. Last week, Instructure “reached an agreement” to pay hackers who had infiltrated its network twice in a short span. The attackers demanded an unspecified ransom and threatened to release stolen data on staff and students after a massive data breach and website defacement.

Although no customer data was taken in Grafana’s case, the company cited the FBI’s longstanding recommendation that victims avoid paying ransoms. The agency warns that cooperating with hackers offers no guarantee that stolen data will be returned or kept private. Critics also argue that paying cybercriminals only fuels future attacks.

Grafana noted that its investigation remains active, and the company plans to share its findings once the probe is complete.

(Source: TechCrunch)
