Grafana Labs, the maker of popular open source monitoring and observability tooling, is resisting paying off a threat actor that gained access to its GitHub environment and downloaded its codebase.
Grafana is a popular tool used to visualise metrics, logs and traces from sources such as Elasticsearch, Postgres, Prometheus, Loki and others.
In a breach disclosure, the company said the threat actor obtained leaked GitHub credentials that they used to access the repository.
The credentials have since been invalidated, but not before the threat actor was able to access and steal source code.
The company said it had also put unspecified additional security measures in place to further secure its environment against unauthorised access.
Grafana said in a LinkedIn post that “the attacker attempted to blackmail us, demanding payment to prevent the release of our codebase.”
It is not known how much in ransom the threat actor asked for; however, Grafana said it would not pay, citing its own “operational experience” as a reason not to, alongside official advice from the Federal Bureau of Investigation (FBI) against the practice.
… we’ve determined the appropriate path forward is to not pay the ransom.
As part of Grafana Labs’ standard security practices, we will share additional information from our post-incident review when our investigations are complete. (6/6)
— Grafana (@grafana) May 17, 2026
No customer data or personal information was accessed during the hack, and Grafana said it has found no evidence of impact to customer systems or operations.
iTnews has contacted Grafana Labs for additional comment on the incident.

