Overview
- Grafana disclosed Sunday that an attacker used a stolen GitHub token to access its environment and download company source code.
- The company says it found no access to customer data or impact on customer systems, though stolen code can still create long-term security risks.
- Grafana launched a forensic review, says it identified how the credential leaked, revoked the token, and added new safeguards around GitHub access.
- The attacker demanded payment to keep the code private, and Grafana says it refused in line with FBI guidance against paying ransoms.
- Attribution remains unconfirmed, with outside reports pointing to a claim by a group known as CoinbaseCartel.