Grafana Labs, the company behind the popular open-source dashboard tool used to visualize data on millions of websites and devices, disclosed on May 18 that an attacker obtained a stolen GitHub access token and used it to download the company’s entire source code. A cybercrime group called CoinbaseCartel — linked to the same criminal ecosystem as ShinyHunters and Scattered Spider — then tried to extort Grafana, threatening to publish the code unless paid. Grafana refused, saying it would not encourage criminals to target more victims.
The good news for everyday Grafana users: the company says its investigation found no evidence that customer data or personal information was accessed. The stolen code is the internal software itself, not a database of user accounts. Grafana has revoked the compromised token, added new security controls, and is working with law enforcement. This kind of breach is a reminder that even a single stolen credential can give attackers surprising reach — which is why security teams increasingly lock down access tokens the same way they protect passwords.