Grafana Labs Confirms Hackers Stole Source Code
Grafana Labs Confirms Hackers Stole Source Code
https://www.infosecurity-magazine.com/news/grafana-labs-confirms-hackers/
Publish Date: 2026-05-19 05:15:00
Source Domain: www.infosecurity-magazine.com
A popular open source developer has revealed that hackers stole its codebase and tried to blackmail the firm into paying a ransom.
Grafana Labs produces AI-powered analytics and visualization app Grafana.
It said in a series of posts on X (formerly Twitter) that an “unauthorized party” managed to obtain a token, giving them access to the firm’s GitHub environment and enabling them to download its source code.
“Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” it added.
“We immediately initiated forensic analysis and we believe we’ve identified the source of the credential leak. We have since invalidated the compromised credentials and implemented additional security measures to further secure our environment against unauthorized access.”
Read more on data extortion: Trellix Reveals Unauthorized Access to Source Code.
Grafana Labs added that the threat actors demanded payment from the firm in order to prevent them releasing the codebase.
“Based on our operational experience and the published stance of the FBI, which notes that ‘paying a ransom doesn’t guarantee you or your organization will get any data back’ and only ‘offers an incentive for others to get involved in this type of illegal activity,’ we’ve determined the appropriate path forward is to not pay the ransom,” it explained.
The firm has promised to share more about how the breach occurred, although reports suggest a relatively new extortion gang known as “CoinbaseCartel” was the culprit.
Grafana Labs claims to have over 7000 global customers, including tech giants such as Anthropic, NVIDIA, Salesforce and Microsoft.
Grafana Labs Doing the Right Thing
Security experts claimed the firm seems to be following best practice incident response processes.
“It looks like Grafana were well prepared for a breach and are…
