Per HackRead, Grafana Labs has reported a security incident where an unauthorized actor gained access to a portion of its GitHub environment, resulting in the download of the company's source code.The breach occurred after a threat actor obtained a compromised token. Grafana Labs stated that its investigation has found no evidence of customer data exposure or impact to customer systems. The attacker reportedly attempted to extort Grafana Labs by demanding payment in exchange for not releasing the stolen code. Grafana Labs declined to pay, citing FBI guidance that advises against such payments, as they do not guarantee data recovery and can encourage further criminal activity. The company has invalidated the compromised credentials, implemented new safeguards, and is conducting a forensic investigation to understand how the credentials were exposed.While customer data was not compromised, breaches involving source code can still pose long-term security risks, as attackers may analyze the code for vulnerabilities or deployment details to aid future attacks. Grafana Labs plans to release further details following the completion of its post-incident review.Source: HackRead
Breach
Grafana Labs discloses GitHub environment breach, source code downloaded

(Credit: Timon – stock.adobe.com)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
Attack VectorYou can skip this ad in 5 seconds



