Grafana breach caused by missed token rotation after TanStack attack
ID: 68c27345-28a8-5f3e-9cd5-f0f2aa5bdf45
STIX ID: report--68c27345-28a8-5f3e-9cd5-f0f2aa5bdf45
Feed Name: Bleeping Computer
Grafana disclosed a breach caused by a malicious TanStack npm package that executed an info-stealer inside its CI/CD pipeline and exfiltrated GitHub workflow tokens. Although Grafana rotated many tokens after the incident, one missed token allowed the attackers (attributed to TeamPCP / the Shai-Hulud campaign) to access private repositories and download source code and business contact information. Grafana reports that no customer production systems were compromised and that the codebase was not modified; the investigation is ongoing.