The gang, active since September 2025, does not use file-encrypting ransomware. Instead, it demands a ransom payment after stealing sensitive data from victims. The Coinbase Cartel website currently lists 105 victims.
Cybersecurity companies say Coinbase Cartel is linked to ShinyHunters, Scattered Spider, and Lapsus$, whose members have been collaborating since at least mid-2025, with some evidence pointing to a possible partnership dating back to 2024.
The alliance has been conducting a major data theft campaign, using the ShinyHunters name to sign and claim intrusions against several high-profile companies, including Instructure, Vimeo, Wynn Resorts, Vercel, and Medtronic.
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Source: SecurityWeek