Data breach at Codecov

After an investigation, the company Codecov, which offers an online platform for code testing, has confirmed a data breach via a supply chain attack affecting its Bash Uploader script.

The incident, which has been active since 31 January, was detected on 1 April. A cybercriminal gained unauthorised access to the script, modifying it without permission, allowing to exfiltrate and send the information stored in shared environments with users to an external third party server.

Following the incident and after having reported it to the relevant authorities, Codecov repaired the script and took actions such as rotating credentials, auditing the source of the cause, implementing monitoring tools and decommissioning the malicious web server.