Hacking intrusion at software auditing company affects a portion of its 29,000 customers
A software auditing company has suffered a data breach that affects a portion of its customers. The company, Codecov, develops and distributes software that helps companies test their software for vulnerabilities. The intrusion has raised concerns about other companies that rely on the company’s services. Federal investigators are now investigating the intrusion.
Codecov, an online platform that hosts code coverage reports, has been around since 2014. It now has over 29,000 users, and over 1 million developers. One of the main tools is the Bash Uploader, which is used by developers to upload their source code. Users can use the reports to analyze how much code coverage they’ve got. However, there have been cases where codecov users have been hacked.
Codecov customers affected
Codecov is a software auditing company that is undergoing an investigation after an alleged intrusion. The intrusion is said to have affected 29,000 customers. It was detected on Jan. 31 by an astute user, who subsequently alerted Codecov’s security team. The company says that a hacker modified software that it uses to check code.
Codecov is a popular source code protection service used by small and large companies. The software is free and is based on open source tools. The Israeli source code protection firm Cycode also uses it. The company said it was investigating the breach and declined to comment further. The Federal Bureau of Investigation and the Department of Homeland Security’s cybersecurity arm did not respond to requests for comment.
The security firm is recommending that all users of Codecov re-roll their credentials and tokens. They should also manually revoke any existing secrets and generate new ones. In addition, Cycode is releasing free software to identify the compromised secrets. It also recommends that customers check the authenticity of bash uploader scripts to ensure that they are not affected by the attack.
While it remains unclear exactly how many Codecov customers were affected, it is possible that it will affect a very large number of users. The breach is believed to have happened over two months. The hackers were able to access customer networks after modifying a script in a Docker image. In some cases, the attackers managed to access user credentials and exfiltrate sensitive data.
Codecov has since fixed the issue. The company has notified affected customers by email. They should roll back their credentials to avoid exposing themselves to a breach. The company has also partnered with a third party cyberforensics firm to conduct an audit and installed a new monitoring system.
Although the Codecov breach was not large, it shows the path an attacker may take to compromise a company. The attackers chose to attack private git repositories, making it clear that Codecov customers should take action immediately. In addition to fixing the breach, Cycode is also offering free services to customers who are affected by the breach.