Grafana Labs disclosed a security incident in its GitHub environment, stating that customer data was unaffected and refusing to pay the ransom.

CoinFeed reported on May 18th that Grafana, an open-source data visualization tool, announced on its X platform that an unauthorized party recently obtained a token to access its Grafana Labs GitHub environment, which the attacker used to download its codebase. The company's investigation determined that no customer data or personal information was accessed in this incident, and no impact was found on customer systems or operations. The company immediately initiated forensic analysis and believes it has identified the source of the credential breach. Currently, Grafana has invalidated the compromised credential and implemented additional security measures. The attacker attempted to extort money from the company, demanding a ransom to prevent the release of its codebase. Based on operational experience and the FBI's public stance (paying a ransom does not guarantee data recovery and only incentivizes more such illegal activities), Grafana decided not to pay the ransom.