Attackers Accessed and Downloaded Code from Grafana Labs' GitHub

A threat actor accessed Grafana Labs’ GitHub environment and downloaded the company’s codebase, as announced by the firm on Sunday. The breach affects Grafana Labs, a provider of open-source observability and data visualization tools widely used by enterprise engineering and DevOps teams globally. The company’s products include Grafana (dashboard and visualization platform), Loki (log aggregation), Pyroscope (continuous profiling), Tempo (distributed tracing), and Grafana Cloud (hosted SaaS). No specific technical details, such as attack vectors, compromised repositories, or indicators of compromise, were disclosed in the announcement. The incident involves unauthorized data exfiltration of proprietary and open-source code.