Grafana confirms GitHub token breach cybercrime group claims the attack

Grafana Labs confirmed a security incident after a compromised GitHub token exposed parts of its source code and was claimed by the extortion group Coinbase Cartel; the company says no customer data or systems were impacted, revoked the credentials, and is conducting a forensic investigation while refusing to pay the ransom. The report highlights token security weaknesses, the risks of source-code theft for supply-chain and phishing attacks, and links the extortion group to other credential-focused threat actors.