Software auditing organization Codecov is under investigation by federal agencies over an alleged security breach that remained unnoticed for months, Reuters reported.

For the unaware, Codecov provides highly integrated tools to group, merge, archive, and compare coverage reports and documents.

Codecov software tools are used when testing software code for vulnerabilities.

Codecov has a client base of 29,000, including organizations such as Atlassian, Procter & Gamble, GoDaddy, and the Washington Post.

The software organization has since acknowledged the security breach and has addressed the issue via its website.

The Codecov security breach and its severity:

According to the statements on the website, an unauthorized party had gained access to its Bash Uploader script and altered it without permission.

“Our investigation has determined that beginning January 31, 2021, there were periodic, unauthorized alterations of our Bash Uploader script by a third party,” noted Codecov.

As a result of the code modification, malicious actors could potentially export data stored in the company’s users’ continuous integration (CI) environments.

“This information was then sent to a third-party server outside of Codecov’s infrastructure,” the statement continued.

The modified version of the Bash Uploader tool could have compromised:

  • Credentials, tokens, or keys that Codecov users were passing through their CI runner that would be accessible when the Bash Uploader script was executed.
  • The services, datastores, and application code that could be accessed with these credentials, tokens, or keys.
  • The Git remote information of repositories using the Bash Uploaders to upload coverage to Codecov in CI.

The breach reportedly struck the company in January but was not detected until April 1st, when a client of the software tool noticed that something was wrong with it.

Taking prompt action, Codecov secured and remediated the potentially affected script and began investigating the extent to which users may have been impacted.

Since investigations are still underway, the software company has yet to determine how the hack was carried out or who was behind it.

Official authorities and third-party security organizations are working in coordination with Codecov, assisting it in determining how users were primarily impacted in the security breach.

Perilous similarities with SolarWinds Cyberattack:

Experts analyzing the Codecov security breach are of the opinion that it could potentially have consequences as far-reaching as those of the vicious SolarWinds cyberattack.

The company has stated that its affected clients have been duly made aware of the security incident but has refrained from naming them.

Codecov has also recommended that its clients and users update the credentials, tokens, and keys present in the environment variables of any CI processes that used one of Codecov’s Bash Uploaders, to mitigate any further cybersecurity hazards.
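
To scope that credential update, the script below is an added example (not Codecov's code or guidance): it flags CI steps that download a script and run it in the same step, and lists the names, never the values, of credential-like environment variables the job can see. The `uploader.example` URL, the `ci.yml` sample, and the name patterns are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example: rotation inventory for CI jobs that ran a remotely fetched script.
# Patterns, file names and the uploader.example URL are assumptions for illustration.

# Print "file:line:text" for CI config lines that download a script and run it
# in the same step (curl/wget piped into sh/bash, or bash <(curl ...)).
find_piped_scripts() {
  grep -rnE '(curl|wget)[^|]*[|][[:space:]]*(ba)?sh([[:space:]]|$)|(ba)?sh[[:space:]]+<\([[:space:]]*(curl|wget)' "$1" 2>/dev/null
}

# Print only the NAMES of exported variables that look like credentials.
# Values are never printed, so the list can be shared as a rotation checklist.
secret_like_env_names() {
  awk 'BEGIN { for (k in ENVIRON) if (k ~ /TOKEN|SECRET|PASSWORD|CREDENTIAL|KEY/) print k }' | sort -u
}

# Write a constructed CI config into a fresh temp dir and print the dir path.
make_sample_repo() {
  d=$(mktemp -d) || return 1
  cat > "$d/ci.yml" <<'EOF'
steps:
  - run: make test
  - run: bash <(curl -s https://uploader.example/bash)
  - run: curl -s https://uploader.example/bash | bash -s -- -t "$UPLOAD_TOKEN"
  - run: curl -sO https://uploader.example/bash && shasum -a 256 -c bash.sha256
EOF
  printf '%s\n' "$d"
}

repo=$(make_sample_repo)
echo "Steps that execute a downloaded script (review these jobs):"
find_piped_scripts "$repo"
echo "Credential-like variables visible to this job (rotate if it ran the script):"
secret_like_env_names
rm -rf "$repo"
```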