Grafana: Investigation reveals that recent security incidents have not affected customer production systems and operations

By: rootdata|2026/05/20 20:45:08
0
Share
copy

The open-source data visualization tool Grafana has released the latest progress on the investigation of the security incident on May 16. The investigation found that this incident was limited to the GitHub environment of Grafana Labs, including both public and private source code as well as internal GitHub repositories, and did not affect customer production systems, operations, or the Grafana Cloud platform. The downloaded content, in addition to the source code, also included some repositories used by the team for collaboration and storage of internal operational information and business details, involving business contact names and email addresses, rather than data from production systems or the cloud platform.

Grafana Labs has made it clear that the codebase was downloaded but not tampered with, and currently, customers and open-source users do not need to take any action. The incident originated from a TanStack npm supply chain attack conducted through the Mini Shai-Hulud campaign. Grafana Labs detected malicious activity on May 11 and initiated an emergency response, but a credential was overlooked, allowing the attacker to gain access. After receiving a ransom demand on May 16, the company decided not to pay the ransom and has rotated automated credentials, implemented enhanced monitoring, audited all commits since May 11, and significantly strengthened GitHub security configurations. The company has notified federal law enforcement, and the investigation is ongoing.

-- Price

--

You may also like

Semiconductor stocks plummet, yet Anthropic wants to create a 2nm chip

Abandoning TSMC and teaming up with Samsung. Anthropic launches a self-developed 2nm chip program, challenging Nvidia and starting a battle to break through computing power costs.

Where is Zhao Changpeng's billion-dollar investment going? YZi Labs' investment landscape fully revealed

Zhao Changpeng's billion-dollar new "family office" YZi Labs investment landscape revealed: 70% of the funds are committed to the crypto ecosystem, while 30% are cross-industry bets on AI and biotechnology, launching a new capital experiment in the post-Binance era.

Ethereum Foundation Report: A Basic Guide to Ethereum for Governments and Financial Institutions

The Ethereum Foundation has released this non-technical introductory report aimed at government officials, central banks, regulators, and corporate decision-makers, explaining how Ethereum works, how it is governed, how it differs from other blockchains, and how institutions and governments are alre...

A pre-announced harvesting case: After the cryptocurrency price dropped by 99%, the public chain Saga exited to transform into AI

True failure often isn't a single price drop, but rather a pricing mechanism that repeatedly rewards those who tell stories while repeatedly punishing those who believe in the stories.

When American giants collectively "defect" from Chinese AI models

Coinbase CEO publicly stated: the company has fully switched its AI to a Chinese model, cutting expenses in half while usage has doubled. Snowflake and Lindy are also doing the same thing—an unnoticed "AI model migration wave" is happening.

BIS Report Compliance Observation: The Real Risks of Stablecoins, Not Just "Depegging"

The issue with stablecoins is not just whether their price will decouple, but whether they can be integrated into a recognizable, monitorable, accountable, and regulated financial system.

Contents

Popular coins

Latest Crypto News

Read more
iconiconiconiconiconiconicon
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com