Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom

Grafana Labs, a popular open source web visualization software company, has confirmed it was hacked after an unauthorized party accessed its GitHub environment using a stolen token credential. The hackers attempted to blackmail the company by threatening to release the codebase unless Grafana paid them. However, the company refused to pay and has since invalidated the compromised token and put additional security measures in place.

According to Grafana, the stolen token did not grant access to customer records or financial data, but it is unclear whether any proprietary code or information was stolen. The incident highlights a key aspect of open source software: its codebase is public and can be downloaded by anyone, making it difficult for companies like Grafana to protect sensitive information.

Grafana's decision not to pay the hackers contrasts with that of education tech giant Instructure, which paid an undisclosed ransom after being hacked twice in recent weeks. The FBI advises victims not to pay cybercriminals, as it does not guarantee they will return stolen data or refrain from publishing it later. Critics also argue that paying hackers funds future cyberattacks.

Grafana's investigation is ongoing, and the company has promised to share its findings once the probe concludes.