GRAFANA has disclosed that an unauthorized party obtained a token that granted access to its GitHub environment and allowed the downloader to access the company’s codebase. According to Grafana, the investigation determined that no customer data or personal information was accessed during the incident, and there was no evidence of impact to customer systems or operations.
The company said it immediately launched a forensic analysis, identified the leak’s source, invalidated the compromised credentials, and implemented extra security measures to guard against further unauthorized access. The attacker also attempted to blackmail and extort Grafana, demanding payment to prevent the stolen database from being published, but Grafana did not pay the ransom, citing the FBI.
The breach has not been attributed to any known threat actor or group, though reports from Hackmanac and Ransomware[.]live have indicated CoinbaseCartel claimed responsibility; CoinbaseCartel is described by Halcyon and Fortinet FortiGuard Labs as a data extortion crew that emerged in September 2025. Grafana said it learned of the attack recently and did not reveal when it took place.