Grafana refuses to pay ransom after codebase theft
On Saturday night, the company released a statement confirming the incident and outlining their decision not to pay a ransom issued by the hackers behind the attack.
Analytics company Grafana Labs confirmed this weekend that hackers were able to breach their systems and download the company’s codebase.
On Saturday night, the company released a statement confirming the incident and outlining their decision not to pay a ransom issued by the hackers behind the attack.
“We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase,” the company said.
Source: https://therecord.media/grafana-refuses-to-pay-ransom-codebase-theft
Related breach coverage
- Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack2026-05-22
Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. The post Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack appeared first on SecurityWeek.
- Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network2026-05-19
There is no evidence that the incident has recurred, but the flaw remains unexplained and has not been publicly acknowledged by the company.
- Grafana confirms GitHub token breach cybercrime group claims the attack2026-05-18
Grafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers […]
- Instructure settles with hackers following massive student data theft2026-05-13
Educational tech firm Instructure reached a deal with hackers after a major Canvas breach exposed data stolen from schools and universities. Educational tech firm Instructure says it reached an agreement with the cybercrime group behind a major Canvas data theft, after attackers broke into its systems and threatened to publish stolen information from schools and […]