VMTech

GitHub token leak at Grafana: codebase downloaded, extortion attempt

Colleagues, a cybersecurity alert: Grafana reported that an unauthorized actor obtained a GitHub token and downloaded part of its codebase.

— Company: no customer data access observed; source of the leak identified, compromised credentials revoked, and additional controls enacted.
— Attacker demanded ransom; Grafana refused, citing FBI guidance.
— Attribution unconfirmed; the group 'CoinbaseCartel' claimed responsibility.

Why it matters: the incident highlights the risk of service tokens and software supply‑chain threats — enforce least privilege, rotate tokens, and monitor access.

What immediate measures do you deem most effective to protect repositories and tokens?

#cybersecurity #infosec #softwaresecurity #GitHub
