Grafana discloses GitHub environment security incident, hacker steals code repository and attempts extortion

Odaily reports that Grafana, an open-source data visualization tool, posted on X platform that it recently discovered an unauthorized attacker had obtained a token capable of accessing the Grafana Labs GitHub environment, which was then used to download the company's code repository. The investigation confirmed that this incident did not involve the leakage of customer data or personal information, and no impact on customer systems or business operations was found. The company immediately initiated forensic analysis, believes it has identified the source of the credential leak, and the affected credentials have been revoked. Additional security measures have also been deployed to strengthen environmental protection.

Furthermore, Grafana disclosed that the attacker attempted to demand a ransom payment in exchange for not making the code repository public. However, the company ultimately decided to refuse the ransom demand and will release more details about the incident review after the investigation concludes.