Grafana Labs, the company behind the widely used open source web visualization software of the same name, confirmed in May 2026 that hackers breached its systems and stole its codebase — but said it declined to pay the demanded ransom.
According to the company, attackers gained access to its GitLab environment by abusing a stolen token credential. That access allowed the hackers to copy Grafana’s source code repositories. The compromised token did not provide access to customer records or financial data. Grafana has since invalidated the token and implemented additional security measures.
“The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase,” the company said in a series of social media posts.
Grafana’s software is open source, meaning its code is already publicly available for anyone to download and modify. It remains unclear whether any proprietary code or information was also taken in the breach.
In declining to pay, Grafana cited long-standing FBI guidance advising victims against paying hackers, noting that doing so does not guarantee stolen data will be returned or withheld from publication. Critics have also argued that paying ransoms helps fund future cyberattacks.
The decision stands in contrast to an incident involving education technology company Instructure, which last week reached an agreement to pay hackers who had compromised its network twice in recent weeks. In that case, attackers had threatened to release data belonging to staff and students following a data breach and a subsequent website defacement.
Grafana said its investigation is ongoing and that it will share further findings once the probe concludes.
Source: TechCrunch