Close Menu
geekfence.comgeekfence.com
    What's Hot

    I Use One UI 9 Daily – This Hidden Feature is a Game-changer

    July 6, 2026

    The Science Behind Why Soccer Players at the 2026 World Cup Are Cutting Their Socks

    July 6, 2026

    Expanding our Heat Resilience data to 50+ global cities

    July 6, 2026
    Facebook X (Twitter) Instagram
    • About Us
    • Contact Us
    Facebook Instagram
    geekfence.comgeekfence.com
    • Home
    • UK Tech News
    • AI
    • Big Data
    • Cyber Security
      • Cloud Computing
      • iOS Development
    • IoT
    • Mobile
    • Software
      • Software Development
      • Software Engineering
    • Technology
      • Green Technology
      • Nanotechnology
    • Telecom
    geekfence.comgeekfence.com
    Home»Cyber Security»Grafana says stolen GitHub token let hackers steal codebase
    Cyber Security

    Grafana says stolen GitHub token let hackers steal codebase

    AdminBy AdminMay 18, 2026No Comments3 Mins Read5 Views
    Facebook Twitter Pinterest LinkedIn Telegram Tumblr Email
    Grafana says stolen GitHub token let hackers steal codebase
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Grafana says stolen GitHub token let hackers steal codebase

    Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token.

    A relatively new extortion gang known as CoinbaseCartel has claimed the attack by adding Grafana to their data leak site (DLS), although no data has been leaked yet.

    Grafana Labs is the company behind Grafana, the popular open-source platform for analytics, monitoring, and real-time data visualization.

    Paying customers are primarily large enterprises, cloud providers, telecos, banks, governments, e-commerce platforms, and infrastructure operators. According to Grafana, more than 7,000 organizations use the product, including 70% of the Fortune 50 companies.

    No payment for hackers

    In an announcement over the weekend, Grafana Labs said that its investigation found no evidence that customer data or personal information was exposed during the incident. Furthermore, the company notes that customer systems remained unaffected.

    The forensic analysis revealed the source of the leaked credentials. The company “invalidated the compromised credentials and implemented additional security measures” to prevent future unauthorized access.

    The attacker attempted to extort the company, demanding payment in exchange for not publishing the stolen source code. However, Grafana said it chose to follow public guidance from the Federal Bureau of Investigation (FBI) and not pay the ransom, noting that doing so would only encourage other threat actors to pursue similar attacks.

    “Based on our operational experience and the published stance of the FBI, which notes that paying a ransom doesn’t guarantee you or your organization will get any data back and only offers an incentive for others to get involved in this type of illegal activity, we’ve determined the appropriate path forward is not to pay the ransom,” Grafana stated.

    The company said it would release more details about the attack after completing its post-incident investigation.

    BleepingComputer has contacted Grafana with a request for additional details about the breach, but we have not received a response by publishing time.

    CoinbaseCartel escalates activity

    The CoinbaseCartel launched last September and has been quite active this year, announcing more than 100 victims on its data leak portal. The gang focuses on data theft and uses the DLS to pressure victims into paying a ransom.

    CoinbaseCartel listing Grafana as on its extortion portal
    CoinbaseCartel listing Grafana on its extortion portal
    Source: BleepingComputer

    The gang announced on its site that they “are behind on many leaks,” indicating increased breaches that may have yet to reach the public space.

    According to multiple researchers, CoinbaseCartel consists of ShinyHunters and Lapsus$ affiliates that gain access to target networks via social engineering, various forms of phishing, and compromised credentials.

    Threat intelligence specialist Joe Shenouda claims that the gang also deploys an in-memory tool called “shinysp1d3r” to encrypt VMware ESXi targets and disable snapshots.

    Last year, BleepingComputer analyzed a ShinySp1d3r Windows encryptor developed by the ShinyHunters extortion group. At the time, the threat actor said that they were working on finishing encryptor versions for Linux and ESXi.


    article image

    Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

    This guide covers the 6 surfaces you actually need to validate.

    Download Now



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

    July 5, 2026

    FBI Seizes NetNut Proxy Platform, Popa Botnet – Krebs on Security

    July 4, 2026

    This month in security with Tony Anscombe – June 2026 edition

    July 3, 2026

    Getty Scraps $3.7B Shutterstock Merger After UK Curbs

    July 2, 2026

    Findings Report from the SOC at RSAC 2026 Conference

    July 1, 2026

    USB drives carrying China-linked malware infected Japanese military networks for nearly a year

    June 30, 2026
    Top Posts

    Understanding U-Net Architecture in Deep Learning

    November 25, 202559 Views

    Hard-braking events as indicators of road segment crash risk

    January 14, 202631 Views

    Redefining AI efficiency with extreme compression

    March 25, 202628 Views
    Don't Miss

    I Use One UI 9 Daily – This Hidden Feature is a Game-changer

    July 6, 2026

    What’s the actual point of One UI 9? Before I installed the beta of Samsung’s…

    The Science Behind Why Soccer Players at the 2026 World Cup Are Cutting Their Socks

    July 6, 2026

    Expanding our Heat Resilience data to 50+ global cities

    July 6, 2026

    Fable 5 Returns, Sonnet 5 Gets Cheaper, But European Banks Still Can’t Deploy Either on Azure |

    July 6, 2026
    Stay In Touch
    • Facebook
    • Instagram
    About Us

    At GeekFence, we are a team of tech-enthusiasts, industry watchers and content creators who believe that technology isn’t just about gadgets—it’s about how innovation transforms our lives, work and society. We’ve come together to build a place where readers, thinkers and industry insiders can converge to explore what’s next in tech.

    Our Picks

    I Use One UI 9 Daily – This Hidden Feature is a Game-changer

    July 6, 2026

    The Science Behind Why Soccer Players at the 2026 World Cup Are Cutting Their Socks

    July 6, 2026

    Subscribe to Updates

    Please enable JavaScript in your browser to complete this form.
    Loading
    • About Us
    • Contact Us
    • Disclaimer
    • Privacy Policy
    • Terms and Conditions
    © 2026 Geekfence.All Rigt Reserved.

    Type above and press Enter to search. Press Esc to cancel.