Codecov breach impacted ‘hundreds’ of customer networks: report
Codecov, a DevOps tool provider, suffered from a security breach that has impacted hundreds of clients, according to new information provided by US investigators working on the case. According to the investigators, the attackers responsible for the attack managed to both exploit Codecov software and use the organization as a starting point to compromise a large number of customer networks. Codecov offers code coverage and software testing tools, allowing users to deploy better code during the DevOps cycle. The attack occurred in late January of this year when a threat actor was able to exploit an error in Codecov’s Docker image creation process.
The investigators also stated that the attackers used automation to collect credentials and raid additional resources, including data hosted on the networks of other software development program vendors such as IBM. An IBM spokesperson stated that it did not see any indications of a breach and that there are currently no modifications of code involving clients. Codecov boasts over 29,000 enterprise clients.