Grafana’s May 2026 Breach: How a Missed GitHub Token Led to Code Exfiltration

These packages contained credential‑stealing malware known as Mini Shai‑Hulud, designed to profile developer environments and harvest sensitive tokens from tools such as GitHub Actions and other CI systems.

Security researchers later reported that the operation spread quickly across the open‑source ecosystem, affecting more than 160 packages across npm and PyPI and targeting widely used developer tooling.

How Grafana’s GitHub token was exposed

Grafana’s internal investigation found that one of the malicious TanStack packages was executed inside its development environment. The embedded credential‑stealing component captured a GitHub workflow token used by Grafana’s CI/CD pipelines.

When the broader supply‑chain attack became known, Grafana initiated a credential‑rotation process. However, one GitHub workflow token was missed during the rotation, leaving a valid credential that attackers could still use.

With that token, the threat actors gained unauthorized access to Grafana’s GitHub environment and repositories.

What the attackers accessed

According to Grafana’s disclosures and external reporting, the intruders:

• Accessed the company’s GitHub environment
• Downloaded the Grafana source code repository
• Retrieved internal GitHub repositories used for collaboration and operational documentation

Additional reports indicate that the downloaded material may have included internal collaboration repositories, business contacts, and email addresses stored within those repositories.

Grafana said its investigation did not find evidence that customer data or personal information was accessed.

The extortion attempt

After downloading the repositories, the attackers issued a ransom demand threatening to publicly release the stolen data if Grafana did not pay.

The company confirmed the demand but declined to comply. Public reporting places the timeline roughly as follows:

• May 11, 2026: suspicious activity detected and incident response begins
• May 16, 2026: attackers issue an extortion demand

Grafana invalidated the compromised credentials and launched a forensic investigation immediately after detecting the intrusion.

Why Grafana says customers were not affected

Grafana emphasized that the breach was limited to its GitHub environment rather than its production infrastructure.

According to the company’s investigation:

• Production systems and Grafana Cloud infrastructure were not compromised
• Customer operations and environments were unaffected
• No customer data or personal information was accessed

Because the attack focused on repository access, the incident primarily involved code and internal documentation stored in GitHub, rather than operational systems.

Why the codebase was not modified

Grafana stated that the attackers downloaded repositories but did not alter the source code.

The activity observed during the incident involved unauthorized access and data exfiltration rather than attempts to tamper with code releases or production infrastructure. However, outside observers generally rely on Grafana’s internal forensic findings for this conclusion because detailed third‑party forensic evidence has not been publicly released.

How the breach fits the broader Mini Shai‑Hulud campaign

The Grafana incident illustrates a common attack path in modern software supply‑chain compromises.

The Mini Shai‑Hulud campaign spread through poisoned packages across developer ecosystems, targeting tools and CI environments used by maintainers and companies.

The typical chain looked like this:

1. Malicious package versions were distributed through legitimate repositories.
2. Developer or CI environments executed the packages.
3. Embedded malware harvested credentials and tokens.
4. Attackers used those credentials to access source‑control systems such as GitHub.
5. Data was exfiltrated and victims were threatened with extortion.

Grafana became one of the notable downstream victims when a stolen CI token combined with a single missed credential rotation provided attackers a foothold into its GitHub repositories.

The incident highlights how supply‑chain attacks increasingly target the development pipeline itself, where stolen CI tokens and automation credentials can provide direct access to an organization’s source code and internal systems.