TEXXR

Chronicles

The story behind the story

Grafana says hackers have accessed its GitHub environment and demanded a ransom to prevent the release of its codebase; Grafana refused to pay

Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company's GitHub environment and download its codebase.

The Hacker News

Discussion

  • @grafana @grafana on x
    🚨 We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase. (1/6)
  • @h4ckmanac @h4ckmanac on x
    🚨Cyber Alert ‼️ 🇺🇸USA - 𝗚𝗿𝗮𝗳𝗮𝗻𝗮 Coinbase Cartel hacking group claims to have breached Grafana. Threat actor: Coinbase Cartel Sector: ICT Data exposure (claimed): Not specified Data type: Not specified Observed: May 15, 2026 Status: Pending verification ESIX©: 5.58
  • @grafana @grafana on x
    ... we've determined the appropriate path forward is to not pay the ransom. As part of Grafana Labs' standard security practices, we will share additional information from our post-incident review when our investigations are complete. (6/6)
  • @grafana @grafana on x
    We immediately initiated forensic analysis and we believe we've identified the source of the credential leak. We have since invalidated the compromised credentials and implemented additional security measures to further secure our environment against unauthorized access. (3/6)
  • @__roycohen Roy on x
    @grafana I swear to God, in like 1-5 years we're going to private key multi-signing to do simple git commits.
  • @grafana @grafana on x
    The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase. (4/6)
  • @grafana @grafana on x
    Based on our operational experience and the published stance of the FBI, which notes that “paying a ransom doesn't guarantee you or your organization will get any data back” and only “offers an incentive for others to get involved in this type of illegal activity,” (5/6)
  • @grafana @grafana on x
    Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations. (2/6)
  • @allseteslla @allseteslla on x
    @grafana guys I think the attacker also made your repository public I am sorry you got your open source project leaked like that and I hope you recover fast from this. https://github.com/...