A recent breach has prompted fears of another SolarWinds-style hack that could have ramifications for numerous large companies. Reuters reports that federal officials are investigating a hack at Codecov, a code testing firm with 29,000 customers that include Procter & Gamble, the Washington Post and tech companies like Atlassian and GoDaddy. The intrusion appears to have lasted for months, putting clients at risk.
Codecov said that attackers exploited a flaw in a Docker image creation process to make “periodic, unauthorized” changes to the company’s Bash Uploader script starting on January 31st. The modifications gave the hackers power to export customer info and send it to an outside server. However, Codecov only learned of the incident on April 1st.
“Our investigation has determined that beginning January 31, 2021, there were periodic, unauthorized alterations of our Bash Uploader script by a third party, which enabled them to potentially export information stored in our users’ continuous integration (CI) environments. This information was then sent to a third-party server outside of Codecov’s infrastructure.”