- Grafana confirms that its GitHub environment was accessed with a stolen token and its codebase was exfiltrated
- Maintainers emphasized that no customer data or systems were affected and that security measures were reinforced.
- A group called CoinbaseCartel claimed responsibility and linked the incident to broader ransomware activity.
Popular open source software platform Grafana has confirmed that its GitHub environment was compromised and its code base leaked.
In a breach notice, Grafana Labs maintainers explained that an unauthorized third party used a token to access their GitHub environment, where they were able to download content.
While it did not explain how the token was obtained, Grafana said the initial investigation “determined that no customer data or personal information was accessed during this incident” and that there is no evidence that the breach affected customers' systems or operations.
How to stay safe
“We immediately initiated a forensic analysis and believe we have identified the source of the credentials leak,” maintainers further explained. To mitigate the risk, Grafana rotated credentials and introduced additional security measures, without detailing what they are.
Grafana added that the attackers attempted to extort the company in exchange for removing the stolen codebase, but stressed that it will follow the FBI’s advice and not engage with the threat actors.
The attackers were not named in the announcement, but according to Hacker News, a collective called CoinbaseCartel claimed responsibility for the attack.
This group is relatively unknown, having first emerged in September 2025. It supposedly emerged from the ShinyHunters, Scattered Spider, and Lapsus$ groups, some of the most active and dangerous ransomware players at the moment.
In these last nine months, the group allegedly attacked 170 organizations across different verticals, including technology, manufacturing, healthcare, transportation, and others.
Grafana is an open source monitoring and observability platform used to visualize metrics, logs, and system performance through dashboards. Grafana Labs, the company that manages and maintains the platform, claims that its tools are used by more than 35 million users worldwide, helping it generate more than $400 million in annual recurring revenue.





