- Grafana disclosed a data breach where an unauthorized party accessed its GitHub and downloaded its codebase.
- The cybercrime group CoinbaseCartel has claimed responsibility for the attack and attempted to extort the company.
- Grafana refused to pay the ransom, citing FBI guidance that paying encourages further criminal activity.
- The incident highlights ongoing risks for tech firms from data extortion groups, which focus on theft and blackmail rather than ransomware encryption.
Grafana announced on May 17, 2026, that an unauthorized third party obtained a token and accessed its GitHub environment to download the company’s codebase. The data monitoring firm stated the breach did not compromise customer data or personal information.
However, the attacker subsequently attempted to blackmail Grafana, demanding a payment to prevent the stolen database from being published. The company chose not to pay the ransom, aligning with FBI guidance which warns that paying incentivizes further illegal activity.
Meanwhile, reports from Hackmanac and Ransomware.live indicate the cybercrime group CoinbaseCartel claimed responsibility for the incident. This group, described as an offshoot of the ShinyHunters, Scattered Spider, and LAPSUS$ ecosystems by Halcyon and Fortinet FortiGuard Labs, focuses solely on data theft and extortion.
Consequently, this breach follows a pattern of attacks on technology firms by specialized extortion crews. The group has reportedly amassed 170 victims across multiple sectors since emerging in September 2025.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
