Particle.news

Grafana Confirms GitHub Token Breach and Rejects Ransom After Code Theft

Stolen developer tokens can open code repositories, creating follow-on supply chain risk.

Overview

  • Grafana said over the weekend that a stolen access token let an intruder enter its GitHub environment and download its source code.
  • Investigators reported no access to customer or personal data and no effect on customer systems, and the company revoked the token and began a forensic review.
  • Attackers demanded payment to stop a leak of the code, and Grafana refused to pay, citing FBI guidance that ransoms do not ensure data will be returned or kept private.
  • A group calling itself CoinbaseCartel claimed the intrusion on a leak site, according to multiple reports, and researchers link the crew to the ShinyHunters, LAPSUS$, and Scattered Spider ecosystem.
  • Although much of Grafana’s software is open source, private repos can hold proprietary features, build details, or secrets that attackers can mine for flaws, raising the risk of future exploits or supply‑chain attacks.