{"id":248858,"date":"2026-05-18T14:59:00","date_gmt":"2026-05-18T18:59:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/grafana-confirms-github-token-breach-cybercrime-group-claims-the-attack\/"},"modified":"2026-05-18T18:10:30","modified_gmt":"2026-05-18T22:10:30","slug":"grafana-confirms-github-token-breach-cybercrime-group-claims-the-attack","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/grafana-confirms-github-token-breach-cybercrime-group-claims-the-attack\/","title":{"rendered":"Grafana confirms GitHub token breach cybercrime group claims the attack"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/192347\/breaking-news\/grafana-confirms-github-token-breach-cybercrime-group-claims-the-attack.html\">Grafana confirms GitHub token breach cybercrime group claims the attack<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/192347\/breaking-news\/grafana-confirms-github-token-breach-cybercrime-group-claims-the-attack.html\">https:\/\/securityaffairs.com\/192347\/breaking-news\/grafana-confirms-github-token-breach-cybercrime-group-claims-the-attack.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-18 14:59:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Grafana confirms GitHub token breach cybercrime group claims the attack<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> May 18, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-53.png?fit=512%2C256&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Grafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected.<\/h2>\n<p>Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers access to the company\u2019s GitHub environment. <\/p>\n<p>Grafana Labs is a software company best known for building open-source tools used to monitor and visualize data from IT systems, applications, and infrastructure. Its main product, Grafana, lets organizations create dashboards to track performance metrics, logs, and alerts in real time. It is widely used in cloud computing, DevOps, and cybersecurity environments to help teams understand system health and troubleshoot issues quickly.<\/p>\n<p>The group Coinbase Cartel later added Grafana to its victim portal. Grafana said attackers accessed parts of its source code, but found no evidence of customer data theft, personal data exposure, or impact on customer systems or operations.<\/p>\n<p>The company revoked and reset the compromised credentials. The company has also launched a forensic investigation to determine how the token was exposed, what repositories were accessed, and whether any additional systems may have been affected. Grafana promised to release more details once the investigation is complete.<\/p>\n<p>Grafana Labs said it will not pay the ransom demanded by attackers to prevent publication of the stolen source code.  At the time of writing, the group Coinbase Cartel had not published Grafana\u2019s data, but reportedly issued threats warning of potential consequences if its demands were ignored.<\/p>\n<p>Coinbase Cartel has been active since at least September 2025 and has claimed more than 100 victims. Unlike traditional ransomware&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/192347\/breaking-news\/grafana-confirms-github-token-breach-cybercrime-group-claims-the-attack.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Grafana confirms GitHub token breach cybercrime group claims the attack https:\/\/securityaffairs.com\/192347\/breaking-news\/grafana-confirms-github-token-breach-cybercrime-group-claims-the-attack.html Publish Date: 2026-05-18 14:59:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":248859,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-53.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24],"class_list":["post-248858","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248858"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=248858"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248858\/revisions"}],"predecessor-version":[{"id":248860,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248858\/revisions\/248860"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/248859"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=248858"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=248858"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=248858"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}