---
title: "Grafana Labs Investigates GitHub Security Incident"
type: "News"
locale: "en"
url: "https://longbridge.com/en/news/286982459.md"
description: "Grafana Labs is investigating a security incident from May 16, affecting its GitHub environment but not customer systems. The breach involved source code and internal information but did not alter the codebase. Linked to a TanStack npm supply chain attack, Grafana detected malicious activity on May 11. After a ransom demand, the company enhanced security measures and notified federal law enforcement. No action is required from customers or open-source users."
datetime: "2026-05-20T00:43:42.000Z"
locales:
  - [zh-CN](https://longbridge.com/zh-CN/news/286982459.md)
  - [en](https://longbridge.com/en/news/286982459.md)
  - [zh-HK](https://longbridge.com/zh-HK/news/286982459.md)
---

# Grafana Labs Investigates GitHub Security Incident

Grafana Labs has released an update on its investigation into a security incident that occurred on May 16. According to ChainCatcher, the incident was confined to Grafana Labs' GitHub environment, affecting both public and private source code and internal GitHub repositories. The breach did not impact customer production systems, operations, or the Grafana Cloud platform.

The downloaded content included source code and some repositories used by the team for collaboration and storing internal operational information and business details, such as business contact names and email addresses. However, it did not involve data from production systems or cloud platforms. Grafana Labs confirmed that while the codebase was downloaded, it was not altered. Customers and open-source users are not required to take any action at this time.

The incident was linked to a TanStack npm supply chain attack conducted through the Mini Shai-Hulud campaign. Grafana Labs detected malicious activity on May 11 and initiated an emergency response. However, an oversight involving a credential allowed attackers access.
After receiving a ransom demand on May 16, the company chose not to pay and has since rotated automated credentials, enhanced monitoring, audited all submissions since May 11, and significantly strengthened GitHub security configurations. Federal law enforcement has been notified, and the investigation is ongoing.