Grafana Data Breach: Missed Token Rotation Leads to GitHub Compromise
The recent Grafana data breach has been attributed to a GitHub workflow token that was not properly rotated following the TanStack npm supply-chain attack. This oversight allowed attackers to gain unauthorized access to the company’s private repositories.
During the Shai-Hulud malware campaign linked to the TeamPCP hackers, numerous TanStack packages infected with credential-stealing code were uploaded to the npm registry. When these malicious packages were consumed by Grafana's CI/CD workflow, an info-stealer module executed inside the GitHub Actions environment and exfiltrated GitHub workflow tokens.
Grafana detected suspicious activity stemming from the compromised TanStack packages on May 1 and promptly initiated its incident response plan, which included rotating GitHub workflow tokens. Unfortunately, a single token was overlooked in the process, and the attackers used it to access the company's repositories.
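The failure mode here is coverage, not intent: rotation was performed, but one token was missed. A rotation-coverage check is the control that catches exactly that. The following is an added example, not Grafana's code or tooling: it takes an inventory of GitHub Actions secrets in the shape returned by the GitHub REST endpoints `GET /orgs/{org}/actions/secrets` and `GET /repos/{owner}/{repo}/actions/secrets` (each entry carries `name`, `created_at`, `updated_at`) and reports every secret whose `updated_at` predates the incident start. The organisation name, repository names, secret names and all timestamps are constructed sample data (the year is chosen arbitrarily, since the article gives only "May 1"); `fetch_secrets` shows how a live inventory would be pulled but is not called when the script runs.

```python
"""Post-incident rotation-coverage check for GitHub Actions secrets (added example)."""
import json
import urllib.request
from datetime import datetime, timezone

# Constructed incident start: the article says detection happened on May 1; the year is arbitrary.
INCIDENT_START = "2024-05-01T00:00:00Z"

# Constructed inventory. Keys are scopes ("org:<org>" or "repo:<owner>/<repo>"); values mirror the
# `secrets` array returned by the GitHub REST secrets endpoints. One secret was never re-set
# after the incident and is the case this check exists to surface.
SAMPLE_INVENTORY = {
    "org:example-org": [
        {"name": "NPM_TOKEN", "created_at": "2023-02-01T10:00:00Z", "updated_at": "2024-05-01T16:05:00Z"},
        {"name": "SLACK_WEBHOOK", "created_at": "2023-02-01T10:00:00Z", "updated_at": "2024-05-01T16:06:00Z"},
    ],
    "repo:example-org/frontend": [
        {"name": "DOCKERHUB_TOKEN", "created_at": "2023-06-10T09:00:00Z", "updated_at": "2024-05-01T16:10:00Z"},
    ],
    "repo:example-org/legacy-exporter": [
        # Stale: last updated long before the incident, i.e. never rotated.
        {"name": "DEPLOY_PAT", "created_at": "2022-11-03T08:00:00Z", "updated_at": "2022-11-03T08:00:00Z"},
    ],
}


def parse_github_ts(value):
    """GitHub returns ISO-8601 UTC timestamps with a trailing 'Z'; make them tz-aware."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def unrotated_secrets(inventory, incident_start):
    """Return (scope, name, updated_at) for every secret not re-set since the incident began."""
    cutoff = parse_github_ts(incident_start)
    stale = []
    for scope, secrets in inventory.items():
        for secret in secrets:
            if parse_github_ts(secret["updated_at"]) < cutoff:
                stale.append((scope, secret["name"], secret["updated_at"]))
    return sorted(stale)


def rotation_summary(inventory, incident_start):
    """Counts plus the stale list, so a response lead can sign off on coverage rather than effort."""
    total = sum(len(secrets) for secrets in inventory.values())
    stale = unrotated_secrets(inventory, incident_start)
    return {"total": total, "rotated": total - len(stale), "unrotated": len(stale), "stale": stale}


def fetch_secrets(api_path, token):
    """Live helper (not called here): page through a GitHub REST secrets endpoint such as
    /orgs/{org}/actions/secrets or /repos/{owner}/{repo}/actions/secrets. The token needs
    read access to the org or repo secrets metadata; secret values are never returned."""
    results, page = [], 1
    while True:
        req = urllib.request.Request(
            f"https://api.github.com{api_path}?per_page=100&page={page}",
            headers={"Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"},
        )
        with urllib.request.urlopen(req) as resp:
            body = json.load(resp)
        batch = body.get("secrets", [])
        results.extend(batch)
        if len(batch) < 100:
            return results
        page += 1


if __name__ == "__main__":
    report = rotation_summary(SAMPLE_INVENTORY, INCIDENT_START)
    print(f"{report['rotated']}/{report['total']} secrets rotated since {INCIDENT_START}")
    for scope, name, updated in report["stale"]:
        print(f"  NOT ROTATED: {name} in {scope} (last updated {updated})")
```

Two caveats for real use. `updated_at` proves only that the stored secret was re-set, not that the old credential was revoked at its issuer, so the check should sit beside revocation of the old token. And secrets live outside Actions as well (environment-scoped secrets, self-hosted runner configuration, locally cached PATs), so the inventory must be built from every place the compromised workflow could read a credential, or the one token that matters is again the one that is missed.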
While Grafana confirmed that source code was stolen during the breach, it reassured customers that there was no direct impact on them and stated that no ransom would be paid to the hackers. However, further investigation revealed that the intruders also downloaded operational information and business-related details used by Grafana.
It's important to note that the compromised data did not include customer production information, and Grafana Labs confirmed that its codebase remained unaltered throughout the incident. As a result, users who downloaded code during that period are not required to take any action.
Despite these assurances, Grafana Labs emphasized that the investigation is ongoing and that it is committed to notifying affected customers directly if any new evidence emerges that changes the picture.