Grafana Breach Traced to Single Missed Token After TanStack Attack
Grafana Labs confirms hackers stole source code through a GitHub token that slipped through rotation after the TanStack supply chain compromise. The company refused to pay the ransom demand.
Grafana Labs has confirmed that attackers stole its source code and business contact information by exploiting a single GitHub workflow token that was missed during credential rotation following the TanStack npm supply chain attack earlier this month. The company received a ransom demand on May 16 and has refused to pay.
The breach illustrates how supply chain compromises cascade through dependent organizations—and how even a comprehensive incident response can fail if a single credential slips through the cracks.
What Happened
On May 1, Grafana detected malicious activity stemming from the TanStack npm packages that had been backdoored by TeamPCP. When the malicious package versions were pulled into Grafana's CI/CD workflows, the embedded credential-stealing malware executed in GitHub's runner environment and exfiltrated workflow tokens to the attackers.
According to BleepingComputer, Grafana's security team immediately began rotating GitHub workflow tokens as part of their incident response. The process covered numerous credentials—but one token was overlooked.
"A missed token led to the attackers gaining access to our GitHub repositories," the company stated in its security update published May 20.
Attackers used that single overlooked token to access Grafana's private repositories, exfiltrate source code, and harvest business contact information including professional relationships.
Impact Assessment
Grafana emphasized that the breach was contained to development infrastructure:
- Source code stolen — The codebase was downloaded but not modified. Grafana confirmed no malicious commits were introduced.
- Business contacts exposed — Names and professional relationship details were accessed, though the company characterized this as operational rather than customer data.
- No customer impact — Production systems, customer data, and operational services were not compromised.
The company received an extortion demand from an unnamed threat actor on May 16, threatening to publish the stolen data. TechCrunch reports that Grafana opted not to negotiate or pay, citing the nature of the exposed data and the company's open-source roots.
The Broader TanStack Fallout
Grafana is far from the only victim. The TanStack supply chain compromise affected 84 package versions across 42 npm packages, hitting organizations like OpenAI, Mistral AI, and UiPath. The @tanstack/react-router package alone receives over 12 million weekly downloads.
TeamPCP, the group behind the attack, has been particularly active in 2026. They previously targeted cloud infrastructure through the React2Shell vulnerability and are known for rapidly monetizing stolen credentials through ransomware deployment, cryptomining, and proxy services. The TanStack attack follows a pattern of increasingly sophisticated npm supply chain compromises—we covered a similar credential-stealing campaign targeting the node-ipc package just days earlier.
The attack technique—chaining pull_request_target exploitation with GitHub Actions cache poisoning to extract OIDC tokens—represents a sophisticated evolution in supply chain attacks. The vulnerability is tracked as CVE-2026-45321 with a CVSS score of 9.6. According to TanStack's postmortem, the attackers published all malicious versions within a six-minute window, giving defenders almost no time to react.
Why Token Rotation Failed
The Grafana incident highlights a critical gap in incident response: token inventories are rarely complete.
GitHub workflow tokens get created through automated processes, stored in various secrets managers, cached in CI/CD systems, and embedded in infrastructure configurations. When teams rotate credentials under pressure, tracking every single token requires exhaustive auditing that doesn't always happen in the fog of an active incident. GitHub's security hardening guide recommends treating the GITHUB_TOKEN as a sensitive credential and regularly auditing its usage.
StepSecurity's research on GitHub Actions security recommends several practices that could have contained this breach:
- Use OIDC instead of static tokens — Short-lived credentials obtained through OpenID Connect expire within hours, limiting the window for exploitation.
- Implement least-privilege permissions — Tokens should have read-only access by default, with elevated permissions only for specific jobs.
- Audit token usage continuously — Monitor which tokens access which repositories and flag unexpected patterns.
- Maintain credential inventories — Document all tokens, their purposes, and their locations before incidents occur.
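The weak pattern the article describes beside a hardened workflow, as an added example rather than anything taken from Grafana's or TanStack's repositories; two separate workflow files are shown together, and the job names, the `NPM_TOKEN` secret and the AWS role ARN are placeholders.

```yaml
# Weak form: the pattern the article describes. pull_request_target runs with the
# base repository's secrets, then checks out and builds code from the pull request.
name: ci-weak
on: [pull_request_target]
permissions: write-all            # one token that can write to every scope
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # untrusted code, trusted context
      - run: npm ci && npm run build   # install scripts run with every secret in the env
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}              # static, long-lived credential
---
# Hardened form: untrusted PRs get a read-only GITHUB_TOKEN and no secrets; the
# privileged job runs only on main and obtains a short-lived credential via OIDC.
name: ci-hardened
on:
  pull_request:
  push:
    branches: [main]
permissions: {}                   # nothing by default; each job declares what it needs
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - run: npm ci --ignore-scripts && npm run build   # dependency lifecycle scripts cannot run
  publish:
    needs: build
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write             # permits the OIDC token request, nothing else
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4   # exchanges the OIDC token for
        with:                                            # cloud credentials valid about 1 hour
          role-to-assume: arn:aws:iam::123456789012:role/ci-publish   # placeholder role ARN
          aws-region: us-east-1
      - run: npm ci --ignore-scripts && npm run release  # no cache restore here; no static token
```

`--ignore-scripts` will break dependencies that genuinely need a postinstall build step; allowlist those individually rather than re-enabling scripts globally.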
Lessons for Security Teams
Grafana's breach didn't result from a sophisticated zero-day or a failure to detect the initial compromise. The company identified the TanStack infection quickly and began remediation immediately. What caught them was the operational reality that credential rotation at scale is hard.
Organizations running CI/CD pipelines should ask:
- Do we have a complete inventory of all workflow tokens and service account credentials?
- Are our tokens scoped to minimum necessary permissions?
- Would we know if we missed one during a rotation?
- Are we using OIDC-based authentication where possible?
For anyone affected by the TanStack compromise, Grafana's experience is a cautionary tale. Even when you think you've rotated everything, verify twice. The attackers only need one token you forgot about.
Understanding how data breaches cascade through modern software supply chains has become essential knowledge for security teams. As development infrastructure grows more complex, the attack surface for credential theft expands with it.
Grafana has since implemented enhanced monitoring, audited all commits for signs of malicious activity, and strengthened its GitHub security posture. The company stated it will publish a more detailed technical analysis once its investigation concludes.