Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Ravie LakshmananMay 20, 2026Supply Chain Attack / Cloud Security

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised.

It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories.

"After the initial assessment, we found that in addition to source code, the downloaded content included GitHub repositories that some Grafana Labs teams use to collaborate on and store internal operational information and other details about our business," it said.

"This includes business contact names and email addresses that would be exchanged in a professional relationship context, not information pulled from or processed through the use of production systems or the Grafana Cloud platform."

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Other newsrooms on this story

Related reading

Grafana breach caused by missed token rotation after TanStack attack

Other newsrooms on this story

Related reading

Grafana breach caused by missed token rotation after TanStack attack

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

Grafana says stolen GitHub token let hackers steal codebase

Grafana Labs admits all its codebase are belong to someone who popped its…

Hackers access GitHub, download codebase in Grafana Labs breach

Grafana’s GitHub Token Incident: 5 Steps DevOps Teams Can Take to Recover Faster