A threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization firm announced on Sunday.
The breach is significant given Grafana Labs’ widespread use across enterprise engineering and DevOps teams worldwide.
Grafana Labs is best known for its open-source dashboard and visualization platform, but also offers tools for log aggregation (Loki), continuous profiling (Pyroscope), distributed tracing (Tempo), and a hosted SaaS option (Grafana Cloud). It also offers a paid version of Grafana (Grafana Enterprise) with extra features and support.
While much of its software is open-source, the company also maintains proprietary portions of its codebase.
Grafana Labs refuses to pay ransom
“Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” the company shared.
“We immediately initiated forensic analysis and we believe we’ve identified the source of the credential leak. We have since invalidated the compromised credentials and implemented additional security measures to further secure our environment against unauthorized access.”
The attackers have threatened to leak the downloaded codebase unless the company pays them not to. Grafana Labs has said it will not pay the ransom.
“Based on our operational experience and the published stance of the Federal Bureau of Investigation, which notes that ‘paying a ransom doesn’t guarantee you or your organization will get any data back’ and only ‘offers an incentive for others to get involved in this type of illegal activity,’ we have determined the appropriate path forward is to not pay the ransom,” they stated.
The company did not identify the attackers by name, but the cyber‑extortion outfit known as Coinbase Cartel – a group with a history of targeting technology companies and publishing stolen code on data leak sites – claimed the attack.
Grafana Labs has promised to share additional information about the incident once their investigation is complete.
Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!
