Grafana says hackers hit its GitHub environment, demand ransom to prevent codebase release — but it’s refusing to pay
- Grafana confirms its GitHub environment was accessed with a stolen token and its codebase exfiltrated
- Maintainers stressed no customer data or systems were impacted and security measures were reinforced
- A group called CoinbaseCartel claimed responsibility, linking the incident to broader ransomware activity
Popular open source software platform Grafana has confirmed its GitHub environment was compromised and its codebase exfiltrated.
In a breach notification, maintainers Grafana Labs explained that an unauthorized third party used a token to access its GitHub environment, where they were able to download the contents.
While it didn’t explain how the token was nabbed, Grafana said that the initial investigation “determined that no customer data or personal information was accessed during this incident,” and that there is no evidence that the breach impacted customer systems or operations.
How to stay safe
“We immediately initiated forensic analysis and we believe we’ve identified the source of the credential leak,” the maintainers further explained. To mitigate the risk, it rotated the credentials and introduced additional security measures, without detailing what they are.
Grafana added that the attackers tried to extort the company, in exchange for deleting the stolen codebase, but stressed that it will take the FBI’s advice and not engage with the threat actors.
Their names were not mentioned in the announcement, but per The Hacker News, a collective called CoinbaseCartel claimed responsibility for the attack.
This group is relatively unknown, since it first emerged in September 2025. Allegedly, it spun out of ShinyHunters, Scattered Spider, and the Lapsus$ groups – some of the most active and most dangerous ransomware players right now.
In these past nine months, the group allegedly struck 170 organizations in different verticals, including technology, manufacturing, healthcare, transportation, and others.
Grafana is an open-source observability and monitoring platform used to visualize metrics, logs, and system performance through dashboards. Grafana Labs, the company running and maintaining the platform, claims its tools are used by more than 35 million users worldwide, helping it generate more than $400 million in annual recurring revenue.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
:max_bytes(150000):strip_icc():format(jpeg)/Health-GettyImages-1491105387-3e898c2bb9cc4155b45dab9bd88eeaf6.jpg?w=390&resize=390,220&ssl=1 "Understanding Splenomegaly and Its Treatment Options")
