Grafana Labs internal source code accessed

(twitter.com)

32 points | by jschorr 2 hours ago

6 comments

  • sangeeth96 7 minutes ago
    I wonder if this is related to the supply chain attack they talked about at GrafanaCon[1] or a fresh leak. If the latter, wonder what they missed since it seemed like they got their detectors/scanners set up well. Curious to read the report on this.

    [1] https://youtu.be/4D068lS85NY

  • dijksterhuis 44 minutes ago
  • oori 1 hour ago
    Quote: “The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase. ...we’ve determined the appropriate path forward is to not pay the ransom.”
  • iririririr 1 hour ago
    aren't they just psql tho? well, i guess we will find out soon.
  • anotherhue 1 hour ago
    Their whole repo had been made public!!!!

    https://github.com/grafana/grafana

    /s

    • jchw 51 minutes ago
      This is worse than the Linux kernel source code leaks of April 1st.
    • esseph 30 minutes ago
      I think they mean grafana cloud.
  • fsckboy 34 minutes ago
    >We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase.

    I don't much like the securityese dialect of bureaucratese, but doesn't it make more sense as "We recently discovered that a threat actor obtained a token with access to the Grafana Labs GitHub environment, enabling the unauthorized party to download our codebase"?

    you can't just drop in buzzwords willy-nilly, they buzz better in the right places.