A popular open source developer has revealed that hackers stole its codebase and tried to blackmail the firm into paying a ransom.
Grafana Labs produces the AI-powered analytics and visualization app Grafana.
It said in a series of posts on X (formerly Twitter) that an “unauthorized party” managed to obtain a token, giving them access to the firm’s GitHub environment and enabling them to download its source code.
“Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” it added.
“We immediately initiated forensic analysis and we believe we’ve identified the source of the credential leak. We have since invalidated the compromised credentials and implemented additional security measures to further secure our environment against unauthorized access.”
Grafana Labs added that the threat actors demanded payment from the firm in order to prevent them releasing the codebase.
“Based on our operational experience and the published stance of the FBI, which notes that ‘paying a ransom doesn’t guarantee you or your organization will get any data back’ and only ‘offers an incentive for others to get involved in this type of illegal activity,’ we’ve determined the appropriate path forward is to not pay the ransom,” it explained.
The firm has promised to share more about how the breach occurred, although reports suggest a relatively new extortion gang known as “CoinbaseCartel” was the culprit.
Grafana Labs claims to have over 7000 global customers, including tech giants such as Anthropic, NVIDIA, Salesforce and Microsoft.
Grafana Labs Doing the Right Thing
Security experts claimed the firm seems to be following best-practice incident response processes.
“It looks like Grafana were well prepared for a breach and are following all of the playbook protocols you would expect. It’s too early to speculate on how much of a compromise these attackers have achieved but at least Grafana acknowledge that more information may need to be disclosed as their investigations progress,” said Brian Higgins, security specialist at Comparitech.
“The main takeaway for business peers is that vendor access and supply chain structures remain high value targets for attackers. They have been proven time after time to enable successful infil and exfil pathways and should be high on everybody’s list of priority network sectors for target-hardening.”
