Grafana Labs, the maker of the popular open source web visualization software that bears the company’s name, acknowledged that it had been hacked but announced that it refused to pay the hackers who threatened to expose its codebase.
In a series of social media posts, the company said its investigation found that hackers misused stolen token credentials that granted access to the company’s GitLab environment used to develop code. The token did not provide access to customer records or financial data, but it did allow hackers to obtain a repository of the company’s source code. The company has since disabled the token and added security measures to prevent the incident from happening again.
“The attackers attempted to blackmail us by demanding payment to prevent the release of the codebase,” the company said.
Grafana’s code is open source, so anyone can download the software and edit the code before running it on their own machine. It is unclear whether the hackers stole any proprietary code or information. A company spokesperson did not respond to a request for comment.
The incident stands in contrast to the recent hack of education technology giant Instruct, which last week “reached an agreement” to pay off hackers who breached the company’s network twice in recent weeks. The hackers had threatened to release stolen data about employees and students using the company’s software and demanded an unspecified ransom following a massive data breach and subsequent website defacement.
Although no customer data was stolen in Grafana’s case, the company cited long-standing FBI advice asking victims not to pay money to hackers, because even if victims cooperate, there is no guarantee the hackers will return the stolen data or refrain from making it public later. Critics also argue that paying money to cybercriminals helps fund future cyberattacks.
Grafana said its investigation is ongoing and that it will share its findings once the investigation is complete.
