A recent breach has prompted fears of another SolarWinds-style hack that could have ramifications for numerous large companies. Reuters reports that federal officials are investigating a hack at Codecov, a code testing firm with 29,000 customers that include Proctor & Gamble, the Washington Post and tech companies like Atlassian and GoDaddy. The intrusion appears to have lasted for months, putting clients at risk.
Codecov said that attackers exploited a flaw in a Docker image creation process to make “periodic, unauthorized” changes to the company’s Bash Uploader script starting on January 31st. The modifications gave the hackers power to export customer info and send it to an outside server. However, Codecov only learned of the incident on April 1st. The team refreshed its internal sign-ins, set up auditing and monitoring systems and had the hosting provider shut down the server, but it wasn’t certain how many customers had been affected.
A spokesperson for Codecov declined to comment on the incident beyond the statement confirming federal involvement. Atlassian said it hadn’t seen evidence it was affected, but Procter & Gamble and other companies hadn’t initially responded to Reuters requests for comment.
The concern, as you might imagine, is that the perpetrators might have obtained sensitive data from Codecov’s customers without giving them a chance to respond or notify their own users. It could be a minor incident if the attackers didn’t use the flaw, but it could also represent a crisis if there were any successful thefts.