
Grafana Labs Investigates GitHub Security Incident
Grafana Labs has released an update on its investigation into a security incident that occurred on May 16. According to ChainCatcher, the incident was confined to Grafana Labs' GitHub environment, affecting both public and private source code and internal GitHub repositories. The breach did not impact customer production systems, operations, or the Grafana Cloud platform.

The downloaded content included source code and some repositories used by the team for collaboration and storing internal operational information and business details, such as business contact names and email addresses. However, it did not involve data from production systems or cloud platforms. Grafana Labs confirmed that while the codebase was downloaded, it was not altered. Customers and open-source users are not required to take any action at this time.

The incident was linked to a TanStack npm supply chain attack conducted through the Mini Shai-Hulud campaign. Grafana Labs detected malicious activity on May 11 and initiated an emergency response. However, an oversight involving a credential allowed attackers access. After receiving a ransom demand on May 16, the company chose not to pay and has since rotated automated credentials, enhanced monitoring, audited all submissions since May 11, and significantly strengthened GitHub security configurations. Federal law enforcement has been notified, and the investigation is ongoing.

