Grafana Labs internal source code accessed

🚨 We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase. (1/6)

We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase. (1/6)

Our investigation has determined that no customer data or personal  information was accessed during this incident, and we have found no evidence of impact to customer systems or operations. (2/6)

We immediately initiated forensic analysis and we believe we’ve identified the source of the credential leak. 

We have since invalidated the compromised credentials and implemented additional security measures to further secure our environment against unauthorized access. (3/6)

The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase. (4/6)

Based on our operational experience and the published stance of the FBI, which notes that “paying a ransom doesn’t guarantee you or your organization will get any data back” and only “offers an incentive for others to get involved in this type of illegal activity,” (5/6)

… we’ve determined the appropriate path forward is to not pay the ransom. 

As part of Grafana Labs’ standard security practices, we will share additional information from our post-incident review when our investigations are complete. (6/6)