Grafana Labs disclosed on Tuesday that unknown attackers exfiltrated portions of its open-source codebase and demanded a ransom, which the company has refused to pay, according to techcrunch.com.

The breach, detected last week, involved unauthorized access to Grafana’s GitHub repositories that house the source code for its widely used observability stack. Grafana Labs said in a blog post that the intruders copied select repositories and then left ransom notes threatening to release the code unless paid in cryptocurrency. The company immediately rotated all exposed credentials, invalidated affected tokens, and brought in external forensics specialists to trace the intrusion, techcrunch.com reported.

The incident shines a spotlight on the security posture of open-source vendors whose code is already public. Unlike proprietary software firms that risk exposing trade secrets, Grafana’s primary concern is reputational and downstream supply-chain risk, because attackers could inject malicious commits or back-doored releases. Comparable breaches at LastPass and CircleCI in 2022 led to secondary attacks on customers who relied on those platforms for CI/CD or password storage, according to techcrunch.com. With more than 10 million downloads of Grafana’s Docker images each month, any compromise of build artifacts could ripple across enterprise DevOps stacks.

Grafana Labs plans to publish a full incident report within 14 days and roll out mandatory two-factor authentication for all maintainers by the end of May, the company told techcrunch.com. Users should watch for an updated signing key for release artifacts and a forthcoming blog post detailing new GitHub security rules the firm is enforcing across its 300-plus public repositories.

How this was made. This article was assembled by Startupniti's editorial AI from the sources listed in the right rail. The synthesis ran through our 4-model cascade (Gemini Flash Lite → GPT-4o-mini → DeepSeek → Llama 3.3 70B), logged to ops.llm_calls. Every fact traces to a citation. If a fact looks wrong, write to corrections.