According to Grafana Labs, the company confirmed on May 16 that its GitHub repositories were compromised through a targeted attack, with attackers downloading source code and demanding ransom. The breach originated from the TanStack npm supply chain incident, with attackers subsequently exploiting an exposed GitHub Actions token to access internal repositories.
Grafana Labs emphasized that customer production systems and Grafana Cloud remain unaffected; the incident was limited to source code and internal collaboration repositories, with no code tampering detected. Downloaded data may include internal operational information and contact details, but no production system data. The company rejected the ransom demand and is cooperating with law enforcement.