GoKawiilGrafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token.
A relatively new extortion gang known as CoinbaseCartel has claimed the attack by adding Grafana to their data leak site (DLS), although no data has been leaked yet.
Grafana Labs is the company behind Grafana, the popular open-source platform for analytics, monitoring, and real-time data visualization.
Paying customers are primarily large enterprises, cloud providers, telecos, banks, governments, e-commerce platforms, and infrastructure operators. According to Grafana, more than 7,000 organizations use the product, including 70% of the Fortune 50 companies.
No payment for hackers
In an announcement over the weekend, Grafana Labs said that its investigation found no evidence that customer data or personal information was exposed during the incident. Furthermore, the company notes that customer systems remained unaffected.
The forensic analysis revealed the source of the leaked credentials. The company "invalidated the compromised credentials and implemented additional security measures" to prevent future unauthorized access.
The attacker attempted to extort the company, demanding payment in exchange for not publishing the stolen source code. However, Grafana said it chose to follow public guidance from the Federal Bureau of Investigation (FBI) and not pay the ransom, noting that doing so would only encourage other threat actors to pursue similar attacks.
“Based on our operational experience and the published stance of the FBI, which notes that paying a ransom doesn’t guarantee you or your organization will get any data back and only offers an incentive for others to get involved in this type of illegal activity, we’ve determined the appropriate path forward is not to pay the ransom,” Grafana stated.
The company said it would release more details about the attack after completing its post-incident investigation.
... continue reading