Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft

"Grafana has confirmed that an unauthorized party gained access to its GitHub environment after obtaining a compromised token, allowing the attacker to download parts of its codebase. In a public statement shared on X, the company said its investigation found no evidence that customer data or personal information was accessed and no evidence that customer systems or operations were affected. The breach was discovered after unusual activity triggered a forensic investigation."
"Following the discovery, Grafana moved quickly to contain the incident. The company confirmed that the stolen credentials had been invalidated and that additional security controls had been deployed to prevent similar access in the future. Grafana also emphasized that its customer-facing systems remained unaffected throughout the incident and that no operational disruption was observed. A full post-incident review is still ongoing, with the company promising to release more details once the investigation concludes."
"After gaining access and downloading the codebase, the attacker reportedly attempted to extort Grafana, demanding payment in exchange for not leaking the stolen data. Grafana declined to pay the ransom. In its statement, the company referenced guidance from the FBI, noting that paying extortion demands does not guarantee data recovery and may encourage further attacks. The company said its decision aligns with established security practices and law enforcement recommendations."
An unauthorized party accessed Grafana’s GitHub environment using a compromised token and downloaded parts of the codebase. Grafana’s investigation found no evidence that customer data or personal information was accessed, and no evidence that customer systems or operations were affected. The incident was identified after unusual activity triggered a forensic investigation. Grafana identified the likely source of the credential leak, revoked the compromised access token, and deployed additional security controls to prevent similar access. Grafana stated that customer-facing systems remained unaffected and that no operational disruption occurred. The attacker attempted extortion after obtaining the code, but Grafana declined to pay, citing FBI guidance that payment does not guarantee recovery and may encourage further attacks.
Read at TechRepublic