Grafana says hackers hit its GitHub environment, demand ransom to prevent codebase release — but it’s refusing to pay

May 18, 2026

ransomware avast
(Image credit: Avast)
  • Grafana confirms its GitHub environment was accessed with a stolen token and its codebase exfiltrated
  • Maintainers stressed no customer data or systems were impacted and security measures were reinforced
  • A group called CoinbaseCartel claimed responsibility, linking the incident to broader ransomware activity

Popular open source software platform Grafana has confirmed its GitHub environment was compromised and its codebase exfiltrated.

In a breach notification, maintainers Grafana Labs explained that an unauthorized third party used a token to access its GitHub environment, where they were able to download the contents.

While it didn’t explain how the token was nabbed, Grafana said that the initial investigation “determined that no customer data or personal information was accessed during this incident,” and that there is no evidence that the breach impacted customer systems or operations.

Latest Videos From

“We immediately initiated forensic analysis and we believe we’ve identified the source of the credential leak,” the maintainers further explained. To mitigate the risk, it rotated the credentials and introduced additional security measures, without detailing what they are.

Grafana added that the attackers tried to extort the company, in exchange for deleting the stolen codebase, but stressed that it will take the FBI’s advice and not engage with the threat actors.

Their names were not mentioned in the announcement, but per The Hacker News, a collective called CoinbaseCartel claimed responsibility for the attack.

This group is relatively unknown, since it first emerged in September 2025. Allegedly, it spun out of ShinyHunters, Scattered Spider, and the Lapsus$ groups – some of the most active and most dangerous ransomware players right now.

In these past nine months, the group allegedly struck 170 organizations in different verticals, including technology, manufacturing, healthcare, transportation, and others.

Grafana is an open-source observability and monitoring platform used to visualize metrics, logs, and system performance through dashboards. Grafana Labs, the company running and maintaining the platform, claims its tools are used by more than 35 million users worldwide, helping it generate more than $400 million in annual recurring revenue.

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News andadd us as a preferred source to get our expert news, reviews, and opinion in your feeds.

  

Search

RECENT PRESS RELEASES

Related Post

Cannabis company abruptly closes all stores amid lawsuits
Cannabis company abruptly closes all stores amid lawsuits
Gallery

Cannabis company abruptly closes all stores amid lawsuits

May 18, 2026
Brunswick Hills considers plan for cannabis dispensary on Pearl Road
Brunswick Hills considers plan for cannabis dispensary on Pearl Road
Gallery

Brunswick Hills considers plan for cannabis dispensary on Pearl Road

May 18, 2026
Marijuana Can Play A Role In Combating Obesity, Contrary To Stereotypes About Lazy Stoners With The Munchies, New Federally Funded Study Suggests 
Marijuana Can Play A Role In Combating Obesity, Contrary To Stereotypes About Lazy Stoners With The Munchies, New Federally Funded Study Suggests 
Gallery

Marijuana Can Play A Role In Combating Obesity, Contrary To Stereotypes About Lazy Stoners With The Munchies, New Federally Funded Study Suggests 

May 18, 2026
Stratford approves cannabis company’s plan to build cultivation facility
Stratford approves cannabis company’s plan to build cultivation facility
Gallery

Stratford approves cannabis company’s plan to build cultivation facility

May 18, 2026