Grafana Labs internal source code accessed

43 points by jschorr 4 hours ago

Is there anything of value in the internal codebase?

So many companies internal codebases are of approximately zero value to any outsider. The code is only a small proportion of the business.

dijksterhuis - 2 hours ago

non-twitter link https://xcancel.com/grafana/status/2055827123236171827#m

oori - 3 hours ago

Quote: “ The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase. ...we’ve determined the appropriate path forward is to not pay the ransom.”

deathanatos - 2 hours ago

Don't pay the Dane-geld: https://en.wikipedia.org/wiki/Dane-geld_(poem)

sangeeth96 - 2 hours ago

I wonder if this is related to the supply chain attack they talked about at GrafanaCon[1] or a fresh leak. If latter, wonder what they missed since it seemed like they got their detectors/scanners set up well. Curious to read the report on this.

[1] https://youtu.be/4D068lS85NY

iririririr - 3 hours ago

aren't they just psql tho? well, i guess we will find out soon.

anotherhue - 3 hours ago

Their whole repo had been made public !!!!

https://github.com/grafana/grafana

jchw - 2 hours ago

This is worse than the Linux kernel source code leaks of April 1st.
esseph - 2 hours ago

I think they mean grafana cloud.

fsckboy - 2 hours ago

>We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase.

I don't much like the securityese dialect of bureaucratese, but doesn't it make more sense as "We recently discovered that a threat actor obtained a token with access to the Grafana Labs GitHub environment, enabling the unauthorized party to download our codebase" ?

you can't just drop in buzzwords willy nilly, they buzz better in the right places.