Grafana Labs, the maker of its popular open-source web visualization software of the same name, confirmed it had been hacked, but declined to pay the hackers who threatened to release the company’s code base.
In a series of posts on social media, the lab said its investigation found that hackers misused stolen token credentials that allowed them to access the company’s GitLab environment, which was used for code development. The token did not provide access to customer records or financial data, but it did allow hackers to access repositories of the company’s source code. The company then invalidated the token and added additional security measures to prevent a repeat incident.
“The attacker attempted to blackmail us by demanding payment to prevent the release of our code base,” the company said.
Grafana’s code is open source and public, meaning anyone can download the program and edit its code before running it on their machine. It’s unclear if the hackers stole any proprietary code or data. A company spokesman did not immediately respond to a request for comment.
The incident contrasts with the recent hack of education technology giant Instructure last week ‘agreed’ to pay hackers which has breached its network twice in recent weeks. The hackers threatened to release stolen data about employees and students using the software and demanded an unspecified ransom. after a massive data breach and subsequent website defacement.
Although no customer data was obtained in the Grafana case, the company cited the FBI’s long-standing advice urging victims not to pay hackers because cooperating with hackers does not guarantee they will return stolen data or refrain from publishing it later. Critics also say that paying cybercriminals helps fund future cyberattacks.
Grafana said the investigation is ongoing and will share the results once the investigation is complete.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
