They’ll have lost the source code for all the enterprise plugins (SAP, Salesforce, etc etc) they have, all the infrastructure as code and provisioning code to run their software in Grafana Cloud, all their closed source code for apps like IRM that were never open source, and probably a load of expensive source code they acquired through partnerships with companies like warpstream.
So yeah probably a six or seven figure loss. In particular the IaC means the attackers can spend tokens to find possible cloud vulnerabilities that will allow them to attack the cloud product, maybe even steal customer data.
They’ll have lost the source code for all the enterprise plugins (SAP, Salesforce, etc etc) they have, all the infrastructure as code and provisioning code to run their software in Grafana Cloud, all their closed source code for apps like IRM that were never open source, and probably a load of expensive source code they acquired through partnerships with companies like warpstream.
So yeah probably a six or seven figure loss. In particular the IaC means the attackers can spend tokens to find possible cloud vulnerabilities that will allow them to attack the cloud product, maybe even steal customer data.