Grafana Labs, the creators of popular open-source web visualization software, have confirmed that hackers accessed their code repositories by abusing a stolen token credential. Despite the hackers threatening to release the sensitive information, Grafana refused to pay the ransom demanded.
The company stated in social media posts that it has since invalidated the compromised token and implemented additional security measures to prevent future breaches. While the hackers did not take any customer data, the incident highlights the ongoing risk of cyberattacks even for companies with open-source software.
In contrast, after a recent hack at Instructure, that company opted to pay a ransom, agreeing to an undisclosed payment to avoid the release of stolen data related to its users. Grafana, however, cited FBI advice that victims not comply with hackers, as complying does not guarantee the return or non-publication of stolen information.
Critics argue that paying cybercriminals only funds future attacks and may be seen as legitimizing their actions. With investigations ongoing, the company aims to share its findings once the investigations are complete.







