Grafana Labs has investigated the potential impact of the Okta Lapsus$ breach and confirmed that they have not been affected. Although Okta confirmed a breach impacting some customers, Grafana does not use Okta for customer authentication unless specifically configured by clients and does not store customer data in Okta. Internally, Okta serves as Grafana's primary Directory and Identity Provider. Grafana has reviewed internal service logs and found no suspicious activity, correlating Okta user activity with external systems. As a precaution, Grafana is enhancing its logging and forensic capabilities, reviewing IdP systems, and considering improvements to its internal authentication systems to reduce reliance on third-party services. Grafana encourages users to report security vulnerabilities via email and provides a PGP key for encrypted communication. Security updates and announcements are regularly posted on their blog, with an option to subscribe to an RSS feed for updates.