Grafana Labs says hackers accessed its GitLab environment using a stolen token, threatened to release its codebase, and demanded payment. The company has invalidated the token, added security measures, and says it will not pay.
Grafana Labs says it was hacked—but it is drawing a hard line at the demand that followed. In posts on social media, the open source lab confirmed attackers threatened to release its codebase unless it paid, and it refused.
The company says its investigation found the hackers abused a stolen token credential that granted access to Grafana’s GitLab environment. which the lab uses for code development.. That token did not provide access to customer records or financial data.. Still, it allowed the attackers to obtain the company’s repositories of source code.
Grafana says it has since invalidated the token and added additional security measures to prevent a repeat incident. “The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase,” the company said.
Grafana’s software is open source. meaning anyone can download it and edit it before running it on their own machines.. Even so, it remains unclear whether the hackers stole any proprietary code or other information beyond the codebase repositories.. A spokesperson for the company did not immediately return a request for comment.
The episode lands awkwardly beside another recent incident in the education technology space.. Education tech giant Instructure. reported as having “reached an agreement” to pay hackers after its network was compromised twice in recent weeks. said the attackers had threatened to release stolen data about staff and students who use its software.. That pressure came after a massive data breach and a subsequent website defacement.. Instructure’s attackers demanded an unspecified ransom.
The tension between the two cases shows up in the specifics Grafana emphasized: no customer data was taken. but the company still faced blackmail tied to code access.. Grafana pointed to the FBI’s long-standing advice urging victims not to pay hackers. noting that cooperating does not guarantee stolen data will be returned or that attackers will refrain from publishing it later.. Critics also argue that paying cybercriminals helps fund future cyberattacks.
Grafana said its investigation was ongoing and that it would share its findings once its probe concludes.
The pattern in the reporting is direct: both incidents involve hackers threatening disclosure to push payment. but Grafana’s stance hinges on the fact that its token gave access to code repositories rather than customer records or financial data. alongside the FBI guidance it cites about why paying doesn’t ensure silence or recovery.
Grafana Labs Grafana open source hacking GitLab token credential codebase blackmail cybersecurity ransom demand FBI advice Instructure hack