U.S. Federal Investigators Are Reportedly Looking Into Codecov Security Breach, Undetected for Months
U.S. federal investigators are purportedly looking into a security breach at Codecov, a platform used to test software code with more than 29,000 customers worldwide, Reuters reported on Saturday.
Gizmodo reached out to Codecov to confirm whether there was a federal probe into the incident, but the company said it had no additional comment beyond Engelberg’s statement on its website.
In the security update, Engelberg explained that the threat actor gained unauthorized access to the company’s Bash Uploader script and modified it, allowing them to potentially access any credentials, tokens, or keys stored in customers’ continuous integration environments as well as any services, datastores, or application code that could be accessed with those credentials, tokens, or keys.
“The actor gained access because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script,” Engelberg said.
“Immediately upon becoming aware of the issue, Codecov secured and remediated the affected script and began investigating any potential impact on users.”
The company added that it had engaged a third-party forensic firm to help it analyze the impact on its users.
After carrying out an investigation into the incident, the company determined that the threat actor had made periodic alterations of its Bash Uploader script beginning on Jan.
Codecov said it emailed affected users on April 15 at the email address on file from GitHub, GitLab, and Bitbucket, and also enabled a notification banner for affected users after they log into Codecov.
“We strongly recommend affected users immediately re-roll all of their credentials, tokens, or keys located in the environment variables in their CI processes that used one of Codecov’s Bash Uploaders,” Engelberg said.
Codecov stated that it has taken a number of steps to address security, including rotating all relevant internal credentials, setting up monitoring and auditing tools to make sure that threat actors can’t modify the Bash Uploader again, and working with the hosting provider of the third-party server to ensure it was properly decommissioned, among other actions.
“Codecov maintains a variety of information security policies, procedures, practices, and controls.
We continually monitor our network and systems for unusual activity, but Codecov, like any other company, is not immune to this type of event,” Engelberg stated.
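The two defensive steps the incident points to, refusing to run a fetched CI helper script whose contents no longer match a reviewed copy and inventorying which CI environment variables would need re-rolling if a tampered copy had run, can be scripted as below. This is an added example, not Codecov's code or anything from the article; the uploader file, its digest, and the `DEMO_` variable names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not Codecov's code): pin the SHA-256 of a CI helper script at
# review time and refuse to execute a fetched copy that does not match it.

sha256_of() {
  # Portable SHA-256 of a file (coreutils sha256sum, else perl shasum).
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_script FILE EXPECTED_DIGEST: succeed only when the digest matches.
verify_script() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# run_pinned FILE EXPECTED_DIGEST: execute the script only after verification,
# so a modified copy downloaded into the CI job never runs.
run_pinned() {
  if verify_script "$1" "$2"; then
    sh "$1"
  else
    echo "refusing to run $1: digest mismatch" >&2
    return 1
  fi
}

# credential_env_names: environment variable names that look like secrets,
# i.e. the set a team would have to re-roll if a tampered script dumped env.
credential_env_names() {
  env | awk -F= '{print $1}' | grep -Ei 'token|secret|key|passw' | sort
}

# demo: constructed uploader script (not the real one) run twice, once intact
# and once after a change, to show the pinned digest blocking the second run.
demo() {
  dir=$(mktemp -d)
  printf '#!/bin/sh\necho "uploading coverage report"\n' > "$dir/uploader.sh"
  pinned=$(sha256_of "$dir/uploader.sh")   # digest recorded when reviewed
  run_pinned "$dir/uploader.sh" "$pinned"  # runs: digest matches
  printf '# any change at all\n' >> "$dir/uploader.sh"
  run_pinned "$dir/uploader.sh" "$pinned" || echo "modified copy blocked"
  rm -rf "$dir"
}
```

Call `demo` to see both outcomes, and `credential_env_names` inside a CI job to list what to rotate.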