---
title: "Grafana Labs Investigates GitHub Security Incident"
type: "News"
locale: "en"
url: "https://longbridge.com/en/news/286982459.md"
description: "Grafana Labs is investigating a security incident from May 16, affecting its GitHub environment but not customer systems. The breach involved source code and internal information but did not alter the codebase. Linked to a TanStack npm supply chain attack, Grafana detected malicious activity on May 11. After a ransom demand, the company enhanced security measures and notified federal law enforcement. No action is required from customers or open-source users."
datetime: "2026-05-20T00:43:42.000Z"
locales:
  - [zh-CN](https://longbridge.com/zh-CN/news/286982459.md)
  - [en](https://longbridge.com/en/news/286982459.md)
  - [zh-HK](https://longbridge.com/zh-HK/news/286982459.md)
---

# Grafana Labs Investigates GitHub Security Incident

Grafana Labs has released an update on its investigation into a security incident that occurred on May 16. According to ChainCatcher, the incident was confined to Grafana Labs' GitHub environment, affecting both public and private source code and internal GitHub repositories. The breach did not impact customer production systems, operations, or the Grafana Cloud platform.

The downloaded content included source code and some repositories used by the team for collaboration and storing internal operational information and business details, such as business contact names and email addresses. However, it did not involve data from production systems or cloud platforms. Grafana Labs confirmed that while the codebase was downloaded, it was not altered. Customers and open-source users are not required to take any action at this time.

The incident was linked to a TanStack npm supply chain attack conducted through the Mini Shai-Hulud campaign. Grafana Labs detected malicious activity on May 11 and initiated an emergency response. However, an oversight involving a credential allowed attackers access. After receiving a ransom demand on May 16, the company chose not to pay and has since rotated automated credentials, enhanced monitoring, audited all submissions since May 11, and significantly strengthened GitHub security configurations. Federal law enforcement has been notified, and the investigation is ongoing.
