BlockBeats report: On May 20, Grafana Labs released a security update stating that on May 16, the company confirmed a targeted cyberattack in which attackers gained unauthorized access to its codebase via a GitHub repository and subsequently made a ransom demand.
The company stated that the incident originated from the supply-chain attack on the TanStack npm packages; having gained initial access through that compromise, the attackers found and used a forgotten GitHub workflow token that was still valid, and with it reached the company’s internal repository environment.
Grafana Labs emphasized that the investigation has found no impact on customer production systems or the Grafana Cloud platform; the incident was limited to the company’s GitHub environment, including source code and some internal collaboration repositories, with no code alterations detected.
The company stated that the data the attackers downloaded may include, in addition to the source code, internal operational information and the names and email addresses of business contacts, but no data from production systems.
The attackers then demanded a ransom to prevent the code from being leaked, but Grafana Labs stated that it refused to pay and has collaborated with law enforcement on the investigation.
The company has implemented a series of security measures, including rotating automation tokens, enhancing monitoring, auditing commit logs, and strengthening CI/CD security, and has stated that a full post-incident report will be released.
