Skip to content

Grafana Source Code Compromised After GitHub Token Theft

Bottom line: Grafana refuses to pay ransom and follows FBI guidance that payments neither guarantee data recovery nor deter future attacks.

Grafana Labs announced that attackers gained access to the source code repository through a stolen GitHub access token. The extortion gang CoinbaseCartel claims responsibility for the attack but has not published the data so far.

The security breach occurred in Grafana’s GitHub environment after an access token was compromised. Forensic analysis identified the source of the stolen credentials. Grafana Labs invalidated the affected credentials and implemented additional security measures to prevent unauthorized access in the future.

According to Grafana, the investigation shows no evidence that customer data or personal information was disclosed during the incident. Customer systems remained unaffected, the company states. Grafana will publish further details after completion of the post-incident investigation.

The attackers demanded ransom in exchange for not publishing the source code. However, Grafana followed FBI guidance and declined to pay. The company justified this by stating that ransom payments neither guarantee the return of data nor deter criminal activity, but rather encourage further attackers.

CoinbaseCartel, a relatively new extortion gang, claimed responsibility via its data leak portal. The group was founded in September and has been active since—researchers indicate it consists of affiliates of ShinyHunters and Lapsus$. It gains access through social engineering, phishing, and compromised credentials. According to the group’s own claims, further breaches have not yet been made public.

Grafana is an open-source platform for analytics, monitoring, and real-time data visualization with over 7,000 user organizations, including 70 percent of Fortune 50 companies. The customer base consists primarily of large enterprises, cloud providers, telecommunications carriers, banks, government agencies, and infrastructure operators.


Source: ainews-dev.lumi-systems.io · Published 18 May 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.5.2.

Share on: