Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

What’s new: Grafana has reported a breach where an unauthorized party accessed its GitHub environment using a compromised token, allowing them to download the company’s codebase. No customer data was accessed, and Grafana has invalidated the compromised credentials and implemented additional security measures. The attacker attempted to extort the company for payment to prevent the publication of the stolen data, which Grafana refused, following FBI guidance against paying ransoms.

Who’s affected

Grafana and potentially its users, although no customer data or personal information was compromised during the incident.

What to do

• Review and enhance security measures for GitHub environments, including token management and access controls.
• Educate staff on the risks of extortion and the importance of reporting suspicious activity.
• Stay informed about the activities of emerging cybercrime groups, such as CoinbaseCartel, which may target similar organizations.

Sources

• The Hacker News