Grafana discloses GitHub environment security incident, hacker steals code repository and attempts extortion

Odaily reports that Grafana, an open-source data visualization tool, stated on platform X that it recently discovered an unauthorized attacker who obtained a token with access to the Grafana Labs GitHub environment and used it to download the company's code repository. After investigation, it was confirmed that this incident did not involve the leakage of customer data or personal information, nor was any impact on customer systems or business operations found. The company immediately initiated forensic analysis, believes it has identified the source of the credential leak, and the relevant credentials have been revoked. Additional security measures have also been deployed to enhance environmental protection.

Furthermore, Grafana disclosed that the attacker attempted to extort the company by demanding a ransom to prevent the code repository from being made public. Ultimately, the company decided to refuse payment. More details of the incident review will be released after the investigation concludes.