Grafana says its breach stemmed from a single GitHub workflow token that was missed during rotation after the TanStack npm supply-chain attack, allowing attackers to access private repositories and steal source code. The incident was tied to the Shai-Hulud malware campaign attributed to TeamPCP, though Grafana says no customer production systems or data were compromised.
Key points
- Grafana's breach began with a compromised GitHub workflow token.
- The token rotation process missed one credential after the TanStack attack.
- Shai-Hulud malware in malicious npm packages stole GitHub workflow tokens.
- Attackers used the token to access Grafana's private repositories and source code.
- Grafana says no customer production systems or data were affected.