Detected the TanStack activity on May 11 and rotated tokens, but missed one workflow token that was assumed unaffected. The attackers used the remaining access to download Grafana’s source. Ransom demanded May 16, refused on FBI guidance. No customer production systems impacted.
Grafana Labs GitHub breach via TanStack
Detected the TanStack activity on May 11 and rotated tokens, but missed one workflow token that was assumed unaffected. Attackers used remaining access to download source.