Discussion

• @grafana @grafana on x

  🚨 We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase. (1/6)

• @h4ckmanac @h4ckmanac on x

  🚨Cyber Alert ‼️ 🇺🇸USA - 𝗚𝗿𝗮𝗳𝗮𝗻𝗮 Coinbase Cartel hacking group claims to have breached Grafana. Threat actor: Coinbase Cartel Sector: ICT Data exposure (claimed): Not specified Data type: Not specified Observed: May 15, 2026 Status: Pending verification ESIX©: 5.58 [image]

• @grafana @grafana on x

  ... we've determined the appropriate path forward is to not pay the ransom. As part of Grafana Labs' standard security practices, we will share additional information from our post-incident review when our investigations are complete. (6/6)

• @ishratn00ri Ishrat Noori on x

  Stuff like this remind u how important access control is, especially when ur working with data systems

• @grafana @grafana on x

  We immediately initiated forensic analysis and we believe we've identified the source of the credential leak. We have since invalidated the compromised credentials and implemented additional security measures to further secure our environment against unauthorized access. (3/6)

• @rekdt @rekdt on x

  Pro tip: You can actually fire your entire Cybersecurity team if you just decide all your company data is public data

• @quinnypig Corey Quinn on x

  Reminder that “no customer impact” in a breach disclosure is the security equivalent of “we're continuing to invest in this product.” It means whatever the legal team needed it to mean at 11pm last night.

• @matsiiako Vlad Matsiiako on x

  Unfortunately, such breaches will only keep getting more common in the coming months. Here are some steps you can take to protect yourself: - Rotate your secrets on a schedule or generate them dynamically. - @infisical Honey Tokens help discover and remediate credential

• @neembu_paani31 @neembu_paani31 on x

  a hacker got unauthorised access to grafana labs github, downloaded their whole source code, threatening to leak it

• @thedealdirector @thedealdirector on x

  The Grafana boys were breached on Friday (well, the ransomware note was posted then) and I'm sure the last 48 hours were as fun as passing a kidney stone the size of an egg.

• @grafana @grafana on x

  Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations. (2/6)

• @troyhunt Troy Hunt on x

  Grafana giving a big middle finger to extortion:

• @francescociull4 Francesco Ciulla on x

  Grafana has been hacked.

• @__roycohen Roy on x

  @grafana I swear to God, in like 1-5 years we're going to private key multi-signing to do simple git commits.

• @grafana @grafana on x

  The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase. (4/6)

• @grafana @grafana on x

  Based on our operational experience and the published stance of the FBI, which notes that “paying a ransom doesn't guarantee you or your organization will get any data back” and only “offers an incentive for others to get involved in this type of illegal activity,” (5/6)

• @allseteslla @allseteslla on x

  @grafana guys I think the attacker also made your repository public I am sorry you got your open source project leaked like that and I hope you recover fast from this. https://github.com/...