Grafana breach caused by missed token rotation after TanStack attack

Wednesday, May 20, 2026 at 03:46 PM UTC·Source: BleepingComputer

Updated: Wednesday, May 20, 2026 at 05:00 PM UTC

Executive Summary

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. [...]

Analysis

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. [...]

Source Attribution

Originally published by BleepingComputer on May 20, 2026.

Related Threats

MEDIUMData BreachNEW

GitHub Hacked, Internal Repositories Offered for Sale

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/github-hacked-internal-repositories-offered-for-sale-image_small-7-a-31739.jpg" align=right hspace=4><b>A Single Developer Downloaded a Poisoned VS Code Extension, and Now Look</b><br>GitHub warned late Tuesday that hackers stole roughly 3,800 internal repositories from the Microsoft-owned platform after a developer used a poisone

8m agoBank Info Security

HIGHData Breach

GitHub Confirms Breach, 4K Internal Repos Stolen

Open source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor — TeamPCP — took credit.

1h agoDark Reading

HIGHData Breach

Processes and Culture Top Reasons Behind Data Breaches

Government leaders revealed that, in spite of state laws meant to improve cyber hygiene, an analysis of incidents showed issues persist and visibility falls short.

4h agoDark Reading