Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana Labs said its May 19, 2026 investigation found no evidence that customer production systems or Grafana Cloud operations were compromised, with the incident limited to its GitHub environment. The breach was traced to the TanStack npm supply chain attack linked to TeamPCP, and Grafana also reported an extortion demand after detecting unauthorized access to internal repositories. #GrafanaLabs #TeamPCP #TanStack #GitHub #CoinbaseCartel

Keypoints

  • Grafana Labs said no customer production systems were compromised.
  • The incident was limited to public and private GitHub repositories.
  • The breach was tied to the TanStack npm supply chain attack by TeamPCP.
  • Grafana rotated tokens and strengthened GitHub security controls.
  • The company received an extortion demand but refused to pay.

Read More: https://thehackernews.com/2026/05/grafana-github-breach-exposes-source.html