this post was submitted on 18 May 2026
40 points (100.0% liked)
Do they have closed source stuff or what? They didn't touch on this aspect in the article at all. Why is source code leaking a concern for an open source project?
Grafana has open source projects, but they also have tons of closed source software. I would describe them more as open core.
Open core was how Grafana employees described it to me during their interview process.
They’ll have lost the source code for all the enterprise plugins (SAP, Salesforce, etc etc) they have, all the infrastructure as code and provisioning code to run their software in Grafana Cloud, all their closed source code for apps like IRM that were never open source, and probably a load of expensive source code they acquired through partnerships with companies like warpstream.
So yeah probably a six or seven figure loss. In particular the IaC means the attackers can spend tokens to find possible cloud vulnerabilities that will allow them to attack the cloud product, maybe even steal customer data.
"Journalism"