TechFlow reports that on May 20, Grafana Labs disclosed on its official blog that it had been confirmed as the target of a cybercriminal group on May 16, 2026. The attackers breached Grafana Labs’ GitHub repositories on May 11 via the TanStack npm supply-chain vulnerability (part of the “Mini Shai-Hulud” campaign) and downloaded public and private source code, internal operational information, and the email addresses of some business contacts, then issued a ransom demand.
Grafana Labs stated that its code repositories were only downloaded—not modified—and that customer production systems and the Grafana Cloud platform remain unaffected. The company has decided not to pay the ransom and has reported the incident to federal law enforcement authorities. In response, Grafana Labs has initiated measures including token rotation, log review, commit auditing, and security hardening of its CI/CD pipelines. A full post-incident report will be published upon completion of the investigation.




