Grafana refused to pay after token theft and repo access

Colleagues, a cybersecurity alert: Grafana Labs confirmed a breach and refused to pay the extortionists.
Investigation: an attacker used a stolen token to access GitLab and obtained source code repositories. The token did not provide access to customer data or finances. Grafana revoked the token and tightened security controls.
Extortionists demanded ransom; Grafana declined, citing FBI guidance. The investigation is ongoing and it remains unclear whether proprietary code was compromised.
Why it matters: the incident highlights token risks and the need to secure development tools.
What additional measures should development teams implement?
#cybersecurity #infosec #DevSecOps #opensource

