
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised.

It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes private and public source code along with internal GitHub repositories.

“After the preliminary evaluation, we discovered that along with source code, the downloaded content included GitHub repositories that some Grafana Labs groups use to collaborate on and store internal operational info and other details about our business,” it said.

“This includes business contact names and e-mail addresses that will be exchanged in a professional relationship context, not info pulled from or processed through the use of production systems or the Grafana Cloud platform.”

The open-source visualization software maker also noted that the breach originated from the TanStack npm supply chain attack orchestrated by TeamPCP, which also hit OpenAI and Mistral AI, and that it detected the activity on May 11, 2026.


“We carried out evaluation and rapidly rotated a big variety of GitHub workflow tokens, but a missed token led to the attackers having access to our GitHub repositories,” it said. “A subsequent evaluation confirmed that a particular GitHub workflow we initially deemed not impacted had, actually, been compromised.”

The company said it subsequently received an extortion demand from an unnamed threat actor on May 16, but opted against paying the ransom, as there is no guarantee that the stolen data would actually be deleted and paying could act as a catalyst for future campaigns.

Since then, Grafana has taken steps to rotate automation tokens, implement enhanced monitoring, audit all commits for signs of malicious activity, and bolster its overall GitHub security posture.

It is worth mentioning here that a data extortion crew named CoinbaseCartel listed Grafana Labs on its dark web site on May 15, 2026. The Hacker News has contacted Grafana for comment, and we’ll update the story if we hear back.


The development comes as GitHub said it is investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum.
