GRAFANA Labs says hackers stole its source code after an unauthorised party obtained a token that gave access to its GitHub environment and allowed download of the codebase. The firm said in posts on X that they have invalidated the compromised credentials and implemented additional security measures, adding that no customer data or personal information was accessed and there was no impact to customer systems or operations.
The attackers reportedly demanded payment to prevent the codebase being released, but Grafana explained that, based on the operational experience and the published stance of the FBI, paying a ransom doesn’t guarantee data recovery and only incentivises further criminal activity, so the firm chose not to pay. Reports have suggested a relatively new extortion gang named “CoinbaseCartel” may be responsible. Grafana Labs claims over 7,000 global customers, including Anthropic, NVIDIA, Salesforce and Microsoft.