Huo Xing Cai Jing reports that the open-source data visualization tool Grafana has released an update on its investigation into the security incident on May 16. The investigation found that the incident was limited to Grafana Labs’ GitHub environment, including both public and private source code and internal GitHub repositories, and did not affect customer production systems, operations, or the Grafana Cloud platform. The downloaded content, in addition to source code, included some repositories used by teams for collaboration and storing internal operational information and business details, containing business contact names and email addresses—but no data from production systems or the cloud platform. Grafana Labs explicitly stated that the codebase was downloaded but not altered, and no action is currently required by customers or open-source users. The incident originated from a TanStack npm supply chain attack carried out via the Mini Shai-Hulud campaign. Grafana Labs detected malicious activity on May 11 and initiated an emergency response, but an overlooked credential allowed the attacker to gain access. After receiving a ransom demand on May 16, the company decided not to pay the ransom and has since rotated automated credentials, implemented enhanced monitoring, audited all commits since May 11, and significantly strengthened GitHub security configurations. The company has notified federal law enforcement authorities, and the investigation is ongoing.
Grafana Confirms Recent Security Incident Did Not Affect Customer Systems
MarsBitShare
Summary
Grafana confirmed that its recent security breach did not affect customer systems or Grafana Cloud. The incident involved a supply chain attack through TanStack npm, resulting in unauthorized access to internal GitHub data. No production systems were impacted, and no customer action is required. The breach was traced to a missing credential, and Grafana has since rotated credentials and strengthened its security measures. The company is cooperating with law enforcement as the investigation continues. Inflation data remains a key focus for investors amid ongoing market volatility.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.