BlockBeats News, May 20: Grafana Labs released a security update, stating that the company confirmed on May 16 that it had experienced a targeted network attack. The attacker gained unauthorized access through a GitHub repository and downloaded its codebase, then issued a ransom demand.
The company stated that the incident stemmed from an attack involving the TanStack npm supply chain. After gaining initial access, the attacker further exploited a GitHub workflow token that had been overlooked to gain entry into the company's internal repository environment.
Grafana Labs emphasized that the current investigation has not found any impact on customer production systems or the Grafana Cloud platform. The incident was limited to the company's GitHub environment, including source code and some internal collaborative repository content, but the code was not altered.
The company noted that the downloaded data may contain more than just the source code, possibly including internal operational information, business contact names, and emails, but not production system data.
The attacker subsequently demanded a ransom to prevent code disclosure, but Grafana Labs stated that it has refused to pay and is cooperating with law enforcement agencies in the investigation.
The company has now implemented a series of security measures, including rotating automation tokens, enhancing monitoring, auditing commit logs, and strengthening CI/CD security. It also mentioned that a comprehensive post-incident report will be released.
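The report names an overlooked GitHub workflow token as the pivot into the internal repositories and "strengthening CI/CD security" as one of the remediations. As an added illustration (not Grafana Labs' configuration, and making no claim about which token was involved), the following GitHub Actions workflow is shown twice: first with the common weak setting, where no `permissions` block is declared and the job inherits the repository's default `GITHUB_TOKEN` scope, and then with the token scoped to read-only and third-party actions pinned. Workflow and job names, and the commit SHA placeholder, are assumptions for the example.

```yaml
# Added example, not from the Grafana Labs repositories.
# Document 1: the weak form. No `permissions` block, so every job receives
# whatever the repository's default GITHUB_TOKEN permissions are (historically
# read/write on contents, packages, pull-requests and more), and the action is
# referenced by a floating major tag rather than an immutable revision.
name: ci-before            # assumed workflow name
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
---
# Document 2: the hardened form. The workflow-level `permissions` block sets a
# read-only default; a job that genuinely needs more (for example writing a
# release) declares it explicitly at job level, so a token leaked from any other
# job cannot push code or publish packages. Pinning to a full commit SHA removes
# the tag-retargeting risk that a third-party action carries.
name: ci-after             # assumed workflow name
on: [push, pull_request]
permissions:
  contents: read           # least-privilege default for every job below
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read       # restated per job so a later edit cannot widen it silently
    steps:
      # <full-commit-sha> is a placeholder: replace with the 40-character SHA
      # of the reviewed action revision, keeping the version as a comment.
      - uses: actions/checkout@<full-commit-sha>   # v4
      - run: make test
```

Two further checks belong in the same audit: confirm in the repository settings that the default `GITHUB_TOKEN` is read-only (the `permissions` block then only narrows it), and enumerate any long-lived personal access tokens or deploy keys stored as workflow secrets so that the rotation mentioned in the report can be verified against an inventory rather than memory.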
