SolarWinds Supply Chain Hack

Discussions center on the SolarWinds supply chain attack and similar breaches in companies like Linode and Ubiquiti, focusing on detection failures, poor disclosure, transparency issues, and accusations of negligence in security practices.

📉 Falling 0.4x | Security
Comments: 4,258
Years Active: 20
Top Authors: 5
Topic ID: #9938

Activity Over Time

2007: 1
2008: 2
2009: 14
2010: 30
2011: 121
2012: 104
2013: 237
2014: 182
2015: 164
2016: 221
2017: 293
2018: 249
2019: 240
2020: 342
2021: 531
2022: 341
2023: 427
2024: 435
2025: 315
2026: 9

Keywords

IT US www.npr MAJOR techtarget.com HR PR ACL UDP CEO security breach hacked compromised incident attack utc 22 company supply chain

Sample Comments

dessimus Oct 20, 2025

Something like this has happened in the proprietary world: the SolarWinds supply chain attack. IIRC, they were releasing breached versions for about a year, and I think it became known only when the US Government came knocking on SolarWinds' door. SolarWinds potentially vetting every employee through HR had zero effect on preventing a supply chain attack.

dang Nov 14, 2023

Related ongoing thread:

We've learned nothing from the SolarWinds hack - https://news.ycombinator.com/item?id=38255923 - Nov 2023 (74 comments)

lawnchair_larry May 30, 2013

Usually because either them or a high profile customer was hacked with it.

sysk Nov 10, 2014

They probably got hacked. This happens to the best companies and nothing much can be done about it. I don't think it's fair to call them "so negligent" yet.

crypt1d Jul 11, 2018

To be fair, many of them could be breached already, you just don't know about it yet. At least with OneLogin there was a disclosure and pressure from the public to improve their opsec.

alsodumb Jul 21, 2024

You mean like the SolarWinds hack that happened a lil while ago? https://www.techtarget.com/whatis/feature/SolarWinds-hack-ex...

iepathos Jun 17, 2022

This is incorrect; you should re-read the post here, 'cause I think you misunderstood the implication. They lacked the logging at the time to know what apps were impacted and the extent to which customers were compromised by this. They are legally obligated to disclose security risks like this, which is why they did. You should consider setting a higher bar for your commendations.

gmmeyer Sep 20, 2022

You don't wanna get hacked but basically everyone gets hacked, so it's more of a question of "how well does your security and monitoring stand up to hacking?"

The big red flag here is that they didn't catch it for so long! How did they not notice?

spiderfarmer Nov 24, 2025

If we don't know how it got compromised, chances are this attack is still spreading?

jhawk28 Aug 3, 2021

That was the issue in the SolarWinds hack: https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-c...