Grafana Labs rejects ransom demands after source code theft
Company confirms attackers accessed GitLab environment via compromised token but denies impact on customer data or financial records.

Grafana Labs has confirmed that cybercriminals accessed its source codebase through a compromised GitLab token credential, marking a significant security breach for the open source software developer. The company stated that attackers abused the stolen token to gain entry to its development environment, where they obtained repositories of source code. Despite threats from the hackers to publish the code if a ransom was not paid, Grafana Labs refused to comply with the demands.
In a series of social media posts, the company explained that the investigation revealed the attackers utilised a stolen token credential to access the GitLab environment used for code development. While the breach allowed the theft of source code, Grafana Labs clarified that the compromised token did not provide access to customer records or financial data. The company has since invalidated the stolen token and implemented enhanced security measures to prevent a recurrence of the incident.
The decision to refuse payment aligns with guidance from the Federal Bureau of Investigation (FBI), which has long advised victims against cooperating with cybercriminals. Grafana Labs noted that such cooperation does not guarantee the return of stolen data or prevent its publication. Critics of ransom payments argue that settling with hackers funds further cyberattacks, a stance Grafana appears to have adopted in this instance.
It remains unclear whether the hackers stole any proprietary code, as the core codebase for Grafana is open source and publicly available. The software allows users to download, edit, and run the code on their own machines, meaning the value of the stolen repositories may be limited compared to proprietary software. A spokesperson for Grafana Labs did not immediately return a request for comment regarding the ongoing investigation.
The incident stands in contrast to recent breaches in the technology sector, such as the hack at education tech giant Instructure, which reached an agreement to pay hackers following a data breach and website defacement. In that case, attackers threatened to release data about staff and students. Grafana Labs stated that its investigation is ongoing and that findings will be shared once the probe concludes.