It appears that the recent Codecov system breach is much more widespread than initially thought. According to a Reuters report, hackers who modified Codecov’s Bash Uploader tool have used it to gain restricted access to hundreds of networks belonging to the company’s customers.
Last week, Codecov disclosed a security incident involving its Bash Uploader script, a tool that provides a framework- and language-agnostic method for sending coverage reports to Codecov. The company said that an unauthorized party had gained access to Bash Uploader and modified it without permission. The attackers were able to gain access because of an error in Codecov’s Docker image creation process that allowed them to extract the credentials required to modify the Bash Uploader script. What’s more, the hack went undetected for more than a month before it was discovered on April 1.
Citing unnamed sources familiar with the investigation, Reuters said the attackers deployed automation to use the collected customer credentials to get inside clients’ networks, including those of other makers of software development programs, as well as companies that provide many customers with technology services, including IBM.
An IBM spokeswoman told Reuters that the company is “investigating the reported Codecov incident and have thus far found no modifications of code involving clients or IBM.”
Codecov has over 29,000 customers, including prominent names like GoDaddy, Atlassian, The Washington Post, Procter & Gamble (P&G), and Hewlett Packard Enterprise. The latter said that it was still trying to determine if the company or its customers were affected by the breach.