Grafana Labs
May 11, 2026
•[ source code leak, extortion, compromised credentials ]
Grafana Labs confirmed that a cybercrime group used a compromised GitHub token to access its GitHub repositories and download its codebase and internal GitHub repository content. The attackers demanded ransom to prevent disclosure, but Grafana said customer production systems, Grafana Cloud, customer operations, customer data, and personal information from production systems were not compromised.
SailPoint, Inc.
April 20, 2026
•[ unauthorized access, source code leak, third-party vulnerability ]
SailPoint disclosed unauthorized access to a subset of its GitHub repositories on April 20, 2026. The company said the unauthorized activity was quickly terminated, a vulnerability in a third-party application was remediated, and there was no evidence that customer data in production or staging environments was accessed or that services were interrupted. SailPoint did not publicly name the threat actor or disclose the type or volume of repository data that may have been compromised.
Adumo (Lesaka unit)
April 16, 2026
•[ source code leak, payment system data, dark web ]
Adumo investigated claims that technical payment-system data and source code were offered for sale on a dark-web forum.
Dígitro Tecnologia
April 8, 2026
•[ database leak, source code leak, internal files ]
CTIR Gov warned that databases, source-code repositories, and internal files from Dígitro Tecnologia were published by DDoSecrets.
Sweden's BankID
March 17, 2026
•[ data leak, credential leak, source code leak ]
Biometric Update reported that a hacker group calling itself ByteToBreach claimed a breach at CGI's Swedish division, leaking code and credentials tied to systems used by Swedish public authorities and linked in reporting to BankID authentication flows (including for the Swedish Tax Agency). The article said other databases containing personal data and electronic signature documents were allegedly being sold separately. The report is based on attacker claims and leak assertions and does not provide an official confirmation of full scope from CGI or BankID in the excerpt.
Toptal
July 20, 2025
•[ data leak, source code leak, supply chain attack ]
73 repositories made available, exposing private projects and source code. Attackers hijacked Toptal's GitHub organization and published 10 malicious npm packages before takedown. Later updates indicated minimal impact to external users.
Pearson plc
January 1, 2025
•[ data leak, source code leak, credential leak ]
Threat actors used an exposed GitLab PAT to access source code and cloud credentials, stealing terabytes of corporate and customer data over months.