Grafana Labs, the maker of its eponymous fashionable open supply net visualization software program, confirmed it had been hacked however that it refused to pay the hackers who had threatened to launch the corporate’s codebase.
In a sequence of posts on social media, the lab mentioned its investigation discovered that the hackers had abused a stolen token credential that allowed entry to the corporate’s GitLab surroundings, which it makes use of for code growth. The token didn’t present entry to buyer information or monetary knowledge, however allowed the hackers to acquire the corporate’s repositories of supply code. The corporate has since invalidated the token and added further security measures to forestall a repeat incident.
“The attacker tried to blackmail us, demanding fee to forestall the discharge of our codebase,” the corporate mentioned.
Grafana’s code is open supply and public, that means anybody can obtain the software program and edit its code earlier than operating it on their very own machines. It’s unclear if the hackers stole any proprietary code or info. A spokesperson for the corporate didn’t instantly return a request for remark.
The incident contrasts with the latest hack at training tech big Instructure, which final week “reached an settlement” to pay the hackers who had compromised its community twice in latest weeks. The hackers had demanded an unspecified ransom, threatening to launch stolen knowledge about employees and college students who use its software program following an enormous data breach and a subsequent web site defacement.
Whereas in Grafana’s case, no buyer knowledge was taken, the corporate cited the FBI’s long-standing recommendation urging victims to not pay hackers, as cooperating with hackers doesn’t assure that they might return stolen knowledge or chorus from publishing it later. Critics additionally say paying cybercriminals helps to fund future cyberattacks.
Grafana mentioned its investigation was ongoing and can share its findings as soon as its probe concludes.
If you buy by means of hyperlinks in our articles, we might earn a small fee. This doesn’t have an effect on our editorial independence.
