US federal officials are investigating a recent breach at Codecov, a code testing firm. Clients use Codecov’s platform to test their software and code for mistakes and vulnerabilities. The firm has over 29,000 customers, including large companies such as Procter & Gamble, the Washington Post and GoDaddy.
The breach has made companies uneasy, as most Codecov clients are now at risk. The intrusion apparently went on for months. The hackers accessed the Bash Uploader script and altered it without the company’s knowledge.
Codecov CEO Jerrod Engelberg said, “there were modifications to the Bash Uploader script since January 31, 2021.” No one approved those modifications. Bash Uploader is a software development tool from Codecov.
The hacker most likely gained access to the following information belonging to Codecov’s customers:
- Any credentials, tokens, or keys customers passed through their CI runner.
- Application code and data stores, which are accessible through those credentials, tokens, and keys.
- The URL of the repositories using Bash Uploader.
No one detected the breach for months. On April 1, 2021, a customer flagged an issue with the tool. In the words of Jerrod Engelberg, “Immediately upon becoming aware of the issue, Codecov secured and remediated the potentially affected script and began investigating the extent of the impact on the users.”
Codecov does not currently know the hacker’s identity, but the company thinks a third-party server outside of Codecov’s infrastructure received the stolen information. Codecov emailed the affected users to notify them and recommended that they immediately re-roll the credentials and keys in their CI processes that use Bash Uploader.
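For the re-roll step, an added example (not Codecov's code and not part of the original article): a POSIX shell function that reads `NAME=value` lines, as printed by `env` inside a CI job, and lists only the names of variables that look like credentials so they can be queued for rotation. The name patterns and the URL check are assumptions to adapt to your own naming conventions.

```shell
#!/bin/sh
# Added example: inventory the NAMES (never the values) of CI environment
# variables that look like credentials, as a rotation checklist.

# Name fragments that usually mark a secret (assumed list; extend as needed).
# "(^|_)KEY(_|$)" matches API_KEY or AWS_ACCESS_KEY_ID but not KEYBOARD_LAYOUT.
SECRET_NAME_PATTERN='TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL|APIKEY|(^|_)KEY(_|$)'

# Values of the form scheme://user:password@host carry a credential even
# when the variable name looks harmless (for example a database URL).
URL_CRED_PATTERN='://[^/@:]+:[^/@]+@'

# Reads NAME=value lines on stdin and prints the sorted, de-duplicated
# names of variables that should be rotated.
list_secrets_to_rotate() {
    while IFS= read -r line; do
        # Keep only lines that look like an assignment.
        case "$line" in
            [A-Za-z_]*=*) ;;
            *) continue ;;
        esac
        name=${line%%=*}
        value=${line#*=}
        # Reject names with characters that are not valid in an identifier
        # (this drops most continuation lines of multi-line values).
        case "$name" in
            *[!A-Za-z0-9_]*) continue ;;
        esac
        # An empty variable exposed nothing.
        [ -n "$value" ] || continue
        # Flag on a secret-like name or on a credential embedded in a URL.
        if printf '%s\n' "$name" | grep -Eiq "$SECRET_NAME_PATTERN" ||
           printf '%s\n' "$value" | grep -Eq "$URL_CRED_PATTERN"; then
            printf '%s\n' "$name"
        fi
    done | sort -u
}
```

Run it as `env | list_secrets_to_rotate` in a job step; the output is a starting point only, since secrets stored under names or formats the patterns do not cover will not be listed.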
Codecov has hired a third-party forensics firm and reported the issue to law enforcement. There is concern that the Codecov breach may be linked to the SolarWinds intrusion that took place last year. Codecov clients Atlassian Corporation PLC and IBM said they had not seen any signs of impact on their data. Even so, the companies that appear unaffected took the breach seriously and reset their credentials.