Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom

Source: TechCrunch

6:42 AM PDT · May 18, 2026

Grafana Labs Confirms Hack, Refuses Ransom

Grafana Labs, the maker of the popular open‑source web visualization software Grafana, confirmed that it had been hacked but refused to pay the ransom demanded by the attackers.

How the Breach Occurred

• The attackers abused a stolen token credential that granted access to Grafana’s GitLab environment, which is used for code development.
• The token did not provide access to customer records or financial data, but it allowed the attackers to obtain the company’s source‑code repositories.
• Grafana has since invalidated the token and added additional security measures to prevent a repeat incident.

“The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase,” the company said.

Impact on the Codebase

• Grafana’s code is open source and publicly available, meaning anyone can download, modify, and run it on their own machines.
• It is unclear whether the hackers stole any proprietary code or information.
• A spokesperson for the company did not immediately return a request for comment.

Comparison with Recent Instructure Hack

• The incident contrasts with the recent hack at education‑tech giant Instructure, which last week reached an agreement to pay the hackers who had compromised its network twice in recent weeks.
• Those attackers demanded an unspecified ransom and threatened to release stolen data about staff and students following a massive data breach and a subsequent website defacement. See details here.

Company Stance and Future Steps

• In Grafana’s case, no customer data was taken.
• The company cited the FBI’s long‑standing advice urging victims not to pay hackers, noting that cooperating with attackers does not guarantee that they will return stolen data or refrain from publishing it later.
• Critics also argue that paying cybercriminals helps fund future attacks.
• Grafana said its investigation is ongoing and it will share its findings once the probe concludes.