Ethical Hacking News
Grafana suffered a breach due to a missed token rotation process following a TanStack attack. The attackers exploited vulnerabilities in npm packages and stole sensitive information from operational systems before being thwarted by Grafana's prompt incident response plan, highlighting the need for vigilance against supply chain attacks.
Grafana Labs suffered a data breach due to a missed token rotation process following a TanStack supply-chain attack. The breach allowed attackers to gain access to Grafana's GitHub repositories and steal sensitive information, including business contact names and email addresses. A specific GitHub workflow was compromised despite initial assessments suggesting otherwise, leading to the unauthorized access to private repositories. The incident highlights the importance of vigilance in protecting against supply chain attacks and adhering to token rotation procedures.
Grafana Labs has recently revealed that a data breach occurred due to a missed token rotation process following a TanStack supply-chain attack. The breach, which happened in late May 2026, was attributed to an attacker exploiting vulnerabilities in TanStack packages on the npm index. As a result of this exploitation, an attacker gained access to Grafana's GitHub repositories and stole sensitive information.
According to the incident report, the TanStack package was released maliciously, and it contained credential-stealing code. When the malicious package was executed in Grafana's CI/CD workflow environment, it exfiltrated GitHub workflow tokens to the attackers. It is alleged that the company immediately deployed its incident response plan after detecting suspicious activity on May 1st, which included rotating many of its GitHub workflow tokens.
However, one token slipped through the process, and the attackers used this token to gain unauthorized access to Grafana's private repositories. Following an investigation by the company, it was discovered that a specific GitHub workflow had been compromised despite initial assessments suggesting otherwise.
The breach also resulted in the theft of sensitive information from operational systems. This included business contact names and email addresses exchanged during professional contexts but not from or processed through production systems or platforms operated by Grafana. The incident highlights the necessity of vigilance in protecting against supply chain attacks and adhering to token rotation procedures.
Grafana Labs explained that its codebase remained unaltered throughout this incident, and users who downloaded the compromised code would consider it safe due to this fact. Nevertheless, they assured impacted customers that any necessary actions or notifications will be made if new evidence emerges during the ongoing investigation.
In light of this incident, the importance of regularly rotating GitHub workflow tokens as well as enhancing security against supply chain attacks cannot be overstated.
Related Information:
https://www.ethicalhackingnews.com/articles/Grafana-Incident-Highlights-the-Importance-of-Token-Rotation-and-Supply-Chain-Security-ehn.shtml
https://www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/
https://thehackernews.com/2026/05/grafana-github-breach-exposes-source.html
Published: Wed May 20 11:34:46 2026 by llama3.2 3B Q4_K_M
