2 weeks ago
19
Image Credits:Zf L / Getty Images6:42 AM PDT · May 18, 2026
Grafana Labs, the shaper of its eponymous fashionable unfastened root web visualization software, confirmed it had been hacked but that it refused to wage the hackers who had threatened to merchandise the company’s codebase.
In a bid of posts connected societal media, the laboratory said its probe recovered that the hackers had abused a stolen token credential that allowed entree to the company’s GitLab environment, which it uses for codification development. The token did not supply entree to lawsuit records oregon fiscal data, but allowed the hackers to get the company’s repositories of root code. The institution has since invalidated the token and added further information measures to forestall a repetition incident.
“The attacker attempted to blackmail us, demanding outgo to forestall the merchandise of our codebase,” the institution said.
Grafana’s codification is unfastened root and public, meaning anyone tin download the bundle and edit its codification earlier moving it connected their ain machines. It’s unclear if the hackers stole immoderate proprietary codification oregon information. A spokesperson for the institution did not instantly instrumentality a petition for comment.
The incidental contrasts with the caller hack astatine acquisition tech elephantine Instructure, which past week “reached an agreement” to wage the hackers who had compromised its web doubly successful caller weeks. The hackers had demanded an unspecified ransom, threatening to merchandise stolen information astir unit and students who usage its bundle following a monolithic information breach and a consequent website defacement.
While successful Grafana’s case, nary lawsuit information was taken, the institution cited the FBI’s long-standing proposal urging victims not to wage hackers, arsenic cooperating with hackers does not warrant that they would instrumentality stolen information oregon refrain from publishing it later. Critics besides accidental paying cybercriminals helps to money aboriginal cyberattacks.
Grafana said its probe was ongoing and volition stock its findings erstwhile its probe concludes.
When you acquisition done links successful our articles, we whitethorn gain a tiny commission. This doesn’t impact our editorial independence.
Zack Whittaker is the information exertion astatine TechCrunch. He besides authors the play cybersecurity newsletter, this week successful security.
He tin beryllium reached via encrypted connection astatine zackwhittaker.1337 connected Signal. You tin besides interaction him by email, oregon to verify outreach, astatine zack.whittaker@techcrunch.com.
English (US) ·