Grafana Labs internal source code accessed
43 points | 4 hours ago | 7 comments | twitter.com
londons_explore
17 minutes ago
Is there anything of value in the internal codebase?

So many companies' internal codebases are of approximately zero value to any outsider. The code is only a small proportion of the business.

dijksterhuis
2 hours ago
oori
2 hours ago
Quote: “The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase. ...we’ve determined the appropriate path forward is to not pay the ransom.”
deathanatos
1 hour ago
sangeeth96
1 hour ago
I wonder if this is related to the supply chain attack they talked about at GrafanaCon[1] or a fresh leak. If latter, wonder what they missed since it seemed like they got their detectors/scanners set up well. Curious to read the report on this.

[1] https://youtu.be/4D068lS85NY

iririririr
2 hours ago
aren't they just psql tho? well, i guess we will find out soon.
anotherhue
3 hours ago
Their whole repo had been made public !!!!

https://github.com/grafana/grafana

/s

jchw
2 hours ago
This is worse than the Linux kernel source code leaks of April 1st.
esseph
1 hour ago
I think they mean grafana cloud.
fsckboy
1 hour ago
> We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase.

I don't much like the securityese dialect of bureaucratese, but doesn't it make more sense as "We recently discovered that a threat actor obtained a token with access to the Grafana Labs GitHub environment, enabling the unauthorized party to download our codebase"?

you can't just drop in buzzwords willy-nilly, they buzz better in the right places.
