Cyber security vendor Rapid7 reveals it was impacted by the Codecov software supply chain attack, attackers had access to data for part of its customers and a small subset of its source code repositories for internal tools.
In April, the software company Codecov disclosed a major security breach after a threat actor compromised its infrastructure to inject a credentials harvester code to one of its tools named Bash Uploader.
The threat actor gained periodic access to the Bash Uploader script making changes to add malicious code. The malicious code would allow the attacker to intercept uploads and scan and collect any sensitive information, including credentials, tokens, or keys.
Code coverage is one of the major metrics companies, it provides code testing solutions to a broad range of organizations, including Atlassian, P&G, GoDaddy, and the Washington Post.
The security breach took place on January 31, but it was discovered on April 1st by one of its customers.
Shortly after the disclosure of the Codecov supply chain attack, the company launched an internal investigation to determine the potential impact on its infrastructure. The experts discovered that:
The repositories accessed by third-party contained internal credentials and alert-related data for a subset of its MDR (managed detection and response) customers. In response to the breach, the company reset the impacted credentials.
“We will update this notice if we learn new information that changes the scope of the impact described here. If you are a customer and have any questions or need further information, please contact your Account Team or email firstname.lastname@example.org.” concludes Rapid7.
Please vote Security Affairs as Best Personal Blog
(SecurityAffairs – hacking, supply chain attack)