Close Menu

    Subscribe to Updates

    Get the latest creative news from infofortech

    What's Hot

    Following the questions where they lead | MIT News

    July 18, 2026

    Best Over-Ear Headphones of 2026

    July 17, 2026

    How AI Voice Agents Change The Game For CX

    July 17, 2026
    Facebook X (Twitter) Instagram
    InfoForTech
    • Home
    • Latest in Tech
    • Artificial Intelligence
    • Cybersecurity
    • Innovation
    Facebook X (Twitter) Instagram
    InfoForTech
    Home»Cybersecurity»Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
    Cybersecurity

    Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

    InfoForTechBy InfoForTechMay 17, 2026No Comments3 Mins Read
    Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
    Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
    Share
    Facebook Twitter LinkedIn Pinterest Telegram Email


    Ravie LakshmananMay 17, 2026Data Breach / Cybercrime

    Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase.

    “Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” Grafana
    said
    in a series of posts on X.

    The company also said it immediately launched a forensic analysis upon discovering the activity and that it identified the source of the leak, adding the compromised credentials have since been invalidated, and extra security measures have been implemented to secure against unauthorized access.

    Furthermore, Grafana revealed the attacker tried to blackmail and extort the company, demanding they make a payment to prevent the stolen database from being published.

    Grafana said it has opted not to pay the ransom, citing the U.S. Federal Bureau of Investigation (FBI). The agency has previously warned against negotiating ransoms with perpetrators, as there is no guarantee that doing so will help affected companies get their data back.

    “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” the FBI
    states
    on its website.

    Grafana did not reveal when the incident took place or since when the threat actor had access to its environment, only revealing that it learned of the attack “recently.” The breach has not been attributed to any known threat actor or group. 

    However, reports from
    Hackmanac
    and
    Ransomware.live
    indicate that a cybercrime group named CoinbaseCartel has claimed responsibility for the incident. 

    Per reports from
    Halcyon
    and
    Fortinet FortiGuard Labs
    , CoinbaseCartel is a data extortion crew that emerged in September 2025. It’s assessed to be an offshoot of the ShinyHunters, Scattered Spider, and LAPSUS$ ecosystems. 

    The group, which only focuses on data theft and extortion, unlike traditional ransomware groups, has amassed 170 victims across healthcare, technology, transportation, manufacturing, and business services. 

    The company also did not reveal what codebase the attacker downloaded, but Grafana offers various solutions like
    Grafana Cloud
    , a fully-managed, cloud-hosted observability platform for applications and infrastructure. The Hacker News has reached out to Grafana for comment, and we will update the story if we hear back.

    The development comes days after American educational technology company Instructure
    made the controversial decision
    to settle with the ShinyHunters extortion group after the latter threatened to leak terabytes of data belonging to thousands of schools and universities across the U.S.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    InfoForTech
    • Website

    Related Posts

    2026 Cybersecurity Forecast: Mid-Year Review & H2 Trends

    July 17, 2026

    E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

    July 17, 2026

    How Can Deception Be Used in OT/ICS Networks?

    July 17, 2026

    Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

    July 16, 2026

    TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

    July 16, 2026

    Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

    July 15, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

    March 20, 202638 Views

    Microsoft is bringing an AI helper to Xbox consoles

    March 14, 202618 Views

    Why Security Validation Is Becoming Agentic

    March 16, 202616 Views

    This is the tech that makes Volvo’s latest EV a major step forward

    January 24, 202616 Views
    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Advertisement
    About Us
    About Us

    Our mission is to deliver clear, reliable, and up-to-date information about the technologies shaping the modern world. We focus on breaking down complex topics into easy-to-understand insights for professionals, enthusiasts, and everyday readers alike.

    We're accepting new partnerships right now.

    Facebook X (Twitter) YouTube
    Most Popular

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

    March 20, 202638 Views

    Microsoft is bringing an AI helper to Xbox consoles

    March 14, 202618 Views

    Why Security Validation Is Becoming Agentic

    March 16, 202616 Views
    Categories
    • Artificial Intelligence
    • Cybersecurity
    • Innovation
    • Latest in Tech
    © 2026 All Rights Reserved InfoForTech.
    • Home
    • About Us
    • Contact Us
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.