- Grafana confirms that its GitHub environment was accessed with a stolen token and its codebase was exfiltrated
- Maintainers emphasized that no customer data or systems were affected and security measures were strengthened
- A group called CoinbaseCartel claimed responsibility and linked the incident to wider ransomware activity
Popular open source software platform Grafana has confirmed that its GitHub environment was compromised and its code base was exfiltrated.
In a breach notification, maintainer Grafana Labs explained that an unauthorized third party used a token to gain access to its GitHub environment, where it was able to download the content.
While it did not explain how the token was captured, Grafana said the initial investigation “determined that no customer data or personal information was accessed during this incident” and that there is no evidence that the breach affected customers’ systems or operations.
How to stay safe
“We immediately began a forensic analysis and we believe we have identified the source of the credential leak,” the maintainers further explained. To mitigate the risk, the company rotated the credentials and introduced additional security measures, though it did not specify what they are.
Grafana added that the attackers tried to blackmail the company, offering to delete the stolen codebase, but stressed that it will take the FBI’s advice and not engage with the threat actors.
The attackers were not named in the announcement, but per Hacker News, a collective called CoinbaseCartel claimed responsibility for the attack.
This group is relatively unknown, having first appeared in September 2025. It is said to have spun off from the ShinyHunters, Scattered Spider and Lapsus$ groups, some of the most active and dangerous ransomware players right now.
Over the past nine months, the group has reportedly targeted 170 organizations in various verticals, including technology, manufacturing, healthcare, transportation and others.
Grafana is an open source observability and monitoring platform used to visualize metrics, logs and system performance through dashboards. Grafana Labs, the company that operates and maintains the platform, claims its tools are used by more than 35 million users worldwide, helping it generate more than $400 million in annual recurring revenue.




