Codecov, a popular software testing platform, said at the end of April 2021 that there had been a data breach that exposed the personal information of about 29,000 customers.
Security investigators have been keeping a close eye on the situation to figure out how big and what kind of attack it was. In this article, we’ll look at how far the investigation has come so far and talk about some possible effects of what happened.
Codecov 29k AprilSatterReuters Investigators
Codecov is a service that helps developers find bugs in their source code before releasing it to customers. Software companies like IBM and Atlassian, as well as government agencies like NASA, use the platform a lot.
Information about the breach
On April 15, 2021, Codecov said that an unauthorised actor had gotten into their Bash Uploader script, which gave them access to sensitive customer data like API tokens, credentials, and user keys.
Attackers had been able to get into these systems for three months starting on January 31, 2021, according to more research. During this time, they may have been able to look at customer data, but there is no proof yet that any customer data was taken or used in a bad way.
The event is being looked into
Since the breach was found, security investigators have been working hard to find out how big it is and what information attackers may have gotten to.
This has meant talking to witnesses and looking at logs from both Codecov’s own systems and those of third-party services they use (such as cloud hosting providers).
So far, investigators haven’t found any proof of bad behaviour or misuse of customer data, but their work is still going on.
April Satter Reports on the Investigation by Reuters
On April 23, 2021, Reuters released a report about what they had learned from their investigation.
According to their sources on Codecov’s internal security team, “the attacker had full access to certain parts of [Codecov’s] computing infrastructure for more than three months and could have stolen large amounts of sensitive data or planted malicious code without being caught.”
They also said that Codecov had found other possible entry points for attackers, which are now being looked into by security teams at both Codecov and third-party services with which they work (such as cloud hosting providers).
How it affects customers
Many customers who use Codecov’s services to do automated code reviews and tests before putting new versions of software into production environments are worried about what happened.
Companies like IBM and Atlassian were quick to respond to the breach by putting out statements telling users what steps they were taking (e.g., reviewing credentials associated with their accounts).
In a similar way, government agencies like NASA are said to be reviewing all contracts they already have with Codecov and have put a hold on any new contracts until further notice so they can look into any security holes in their own systems that may have been exposed by this incident.
The investigation into this data breach is still going on, but so far there is no evidence linking it directly to any malicious activity or misuse of customer data beyond the fact that confidential information about accounts registered with Codecov’s services was viewed.
Still, this event should serve as a reminder to all organisations of how important it is to review their security protocols on a regular basis to avoid similar problems in the future.