Grafana Labs disclosed a security breach in which attackers used a stolen GitHub token — enabled by a 'Pwn Request' misconfiguration in a GitHub Actions workflow — to exfiltrate its codebase. The attackers, identified as the CoinbaseCartel extortion group, demanded a ransom to prevent releasing the code. Grafana refused, citing FBI guidance against paying ransoms, and noted the irony that the stolen code was already publicly available as open source. The incident is contrasted with Instructure (Canvas), which reportedly paid ~$10M to hackers after a breach involving actual student and staff personal data. The breach was caught via a canary token, and the compromised GitHub token has since been invalidated.
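For readers unfamiliar with the "Pwn Request" pattern named above, the following is an added illustration, not Grafana's own workflow: a `pull_request_target` job that checks out and executes code from an untrusted fork PR while holding the base repository's write-capable `GITHUB_TOKEN` and secrets, beside a hardened form that runs untrusted code only under `pull_request` with a read-only token. Workflow names and the `NPM_TOKEN` secret are hypothetical.

```yaml
# Added illustration (not Grafana's workflow): the "Pwn Request" pattern.
# A PR opened from a fork can run arbitrary code with the base repo's token.
name: pr-check-vulnerable        # hypothetical workflow name
on:
  pull_request_target:           # runs in the BASE repo context: secrets + write token
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Checks out the untrusted PR head inside a privileged job.
          ref: ${{ github.event.pull_request.head.sha }}
      # Lifecycle scripts in the PR's package.json (e.g. "preinstall") now
      # execute with GITHUB_TOKEN and every secret exposed to this step.
      - run: npm install && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}   # hypothetical secret
---
# Hardened form: untrusted PR code runs only under `pull_request`, where a
# fork PR receives a read-only GITHUB_TOKEN and no repository secrets.
name: pr-check-hardened          # hypothetical workflow name
on:
  pull_request:
permissions:
  contents: read                 # least privilege, even for same-repo PRs
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # Default ref is the PR merge commit; no secrets are passed to the job.
      - uses: actions/checkout@v4
      - run: npm ci && npm test
```

If a workflow genuinely needs `pull_request_target` (for example to label PRs), it should never check out or execute the PR head, and `permissions:` should grant only what that step needs.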