Grafana Labs internal source code accessed
Grafana Labs announced that an unauthorized party obtained a token granting access to its GitHub environment. The token allowed the actor to download the company's source code repository. The incident was disclosed in a post on May 17, 2026.
- ▪Grafana Labs discovered that a token with access to its GitHub environment was obtained by an unauthorized party.
- ▪The token enabled the threat actor to download the entire codebase from the GitHub repository.
- ▪Grafana Labs disclosed the breach in a public statement on May 17, 2026.
- ▪No further details about additional data exposure or remediation steps were provided in the announcement.
Opening excerpt (first ~120 words) tap to expand
Grafana@grafana🚨 We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase. (1/6)1:45 AM · May 17, 20261.7MViews:host{display:inline-block;direction:ltr;white-space:nowrap;line-height:var(--number-flow-char-height, 1em) !important}span{display:inline-block}:host([data-will-change]) span{will-change:transform}.number,.digit{padding:round(nearest, calc(var(--number-flow-mask-height, 0.25em) / 2), 1px) 0}.symbol{white-space:pre}146number-flow-react > span{font-kerning:none;display:inline-block;line-height:var(--number-flow-char-height, 1em) !important;padding:calc(round(nearest, calc(var(--number-flow-mask-height, 0.25em) / 2), 1px) * 2)…
Excerpt limited to ~120 words for fair-use compliance. The full article is at X (formerly Twitter).