Grafana Labs Reports Code Theft by Hackers, Declines Ransom Payment

Grafana Labs, the creator of popular open-source web visualization software, confirmed it was hacked but refused to pay hackers who threatened to release its codebase.

In a series of posts on social media, the company stated that its investigation revealed hackers abused a stolen token credential to access its GitLab environment used for code development. The token did not grant access to customer records or financial data but allowed hackers to obtain the company’s source code repositories. The company has since revoked the token and implemented additional security measures to prevent future incidents.

“The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase,” the company said.

Grafana’s code is open source and public, meaning anyone can download and modify it. It is unclear if any proprietary code or information was stolen. A company spokesperson did not return a request for comment.

This incident contrasts with the recent hack at education tech giant Instructure, which “reached an agreement” to pay hackers who breached its network twice in recent weeks. The hackers demanded an unspecified ransom, threatening to release stolen data about staff and students following a massive data breach and a subsequent website defacement.

While Grafana did not suffer any loss of customer data, the company cited the FBI’s advice urging victims not to pay hackers, as cooperation does not guarantee the return of stolen data or its non-publication. Critics argue that paying cybercriminals funds future attacks.

Grafana stated that its investigation is ongoing and that it will share findings once the probe concludes.
