Grafana Labs said a hacker gained access to its GitHub environment and downloaded its codebase, according to a Saturday post on X and LinkedIn.
The firm operates an open-source observability platform with more than 25 million users and 7,000 customers globally. The platform is used by major companies, including Nvidia, Microsoft, Anthropic and others, the company said.
According to Grafana Labs, no customer data or personal information was accessed during the attack, and it found no evidence that operations or customer systems were impacted.
The attackers attempted to blackmail the firm, threatening to release the codebase if not paid.
The company refused the demand, citing guidance from the FBI that payment would only incentivize future attacks and offer no guarantee the data would be returned.
Grafana Labs launched an internal investigation into the incident and said it believes it has identified the source of the credential leak. The company has “invalidated the compromised credentials” and taken measures to better secure its environment against attacks.
