GRAFANA confirms a data breach after being listed by Coinbase Cartel on its leak site, with the intrusion traced to a compromised token that granted access to Grafana Labs’ GitHub environment. SecurityWeek reports that Grafana admitted attackers downloaded its codebase, but stressed that no personal or customer information was stolen and there was no impact on customer systems or operations.
The firm said the attackers demanded a ransom to prevent the source code from being leaked, but Grafana has decided not to pay. The compromised credentials have been reset and a forensic analysis is underway, with Grafana promising to share further details once the investigation is completed. Grafana was listed on Coinbase Cartel’s site on 15 May, and the group claims it has 105 victims, though SecurityWeek notes that no data appeared to be leaked at the time of writing.
The cybercrime alliance linked to ShinyHunters, Scattered Spider, and Lapsus$ has been active since mid-2025, with SecurityWeek noting a broader data-theft campaign behind the affiliation.