Grafana has confirmed that it was the victim of a databreach.

Grafana confirmed that attackers used a compromised token to access its GitHub environment and download its source code. The company stated that no customer or personal data was stolen and that operations were not affected. The attackers, linked to the cybercrime group Coinbase Cartel, demanded a ransom to prevent the code from being leaked, but Grafana refused to pay. Coinbase Cartel—associated with ShinyHunters, Scattered Spider, and Lapsus$—has been conducting a large‑scale data theft campaign since 2025.

Read more:

https://www.securityweek.com/grafana-confirms-breach-after-hackers-claim-they-stole-data/