TechFlow reports that on May 17, Grafana—an open-source data visualization tool—announced on X that it recently discovered an unauthorized attacker had obtained a token granting access to Grafana Labs’ GitHub environment and used it to download repositories. An investigation confirmed that no customer data or personal information was compromised, and no impact was observed on customer systems or business operations. Forensic analysis was initiated immediately after the incident, and the source of the credential leak has been identified. Additional security measures have also been deployed to strengthen environmental protection.
Additionally, Grafana disclosed that the attacker attempted to extort payment via ransomware to prevent public disclosure of the repositories; however, the company ultimately decided not to pay the ransom. Further post-incident analysis details will be released after the investigation concludes.
