Grafana Labs Refused Ransom After GitHub Actions Exploit Stole Its Codebase

Grafana Labs disclosed May 16 that attackers exploited a "Pwn Request" vulnerability in a GitHub Actions workflow to download its entire codebase. Coinbase Cartel, an emerging data-extortion group, demanded ransom; the company refused. No customer data or production systems were compromised. A triggered canary token enabled rapid detection, limiting the breach to source code repositories.