Grafana Labs experienced a security incident involving the unintentional exposure of a GPG private key and passphrase, necessitating a GPG key rotation for users who install Grafana via package repositories such as apt and yum. The company has revoked the compromised key and issued a new one, urging affected users to update their trusted certificates to maintain security. Users who installed Grafana through other means like OS package repositories, Docker images, or Grafana Cloud are not impacted by this incident. Grafana Labs emphasizes transparency and has published a post-incident review, while continuing to provide detailed instructions for users to update their GPG trust relationships. The company also encourages reporting potential security vulnerabilities via a dedicated email and provides security announcements on their blog.