Rapid7 says source code, credentials accessed as a result of Codecov supply-chain attack

Pierluigi Paganini May 14, 2021

Rapid7 disclosed that unauthorized third-party had access to source code and customer data as result of Codecov supply chain attack.

Cyber security vendor Rapid7 reveals it was impacted by the Codecov software supply chain attack, attackers had access to data for part of its customers and a small subset of its source code repositories for internal tools.

In April, the software company Codecov disclosed a major security breach after a threat actor compromised its infrastructure to inject a credentials harvester code to one of its tools named Bash Uploader.

The threat actor gained periodic access to the Bash Uploader script making changes to add malicious code. The malicious code would allow the attacker to intercept uploads and scan and collect any sensitive information, including credentials, tokens, or keys.

Code coverage is one of the major metrics companies, it provides code testing solutions to a broad range of organizations, including Atlassian, P&G, GoDaddy, and the Washington Post.

The security breach took place on January 31, but it was discovered on April 1st by one of its customers.

Shortly after the disclosure of the Codecov supply chain attack, the company launched an internal investigation to determine the potential impact on its infrastructure. The experts discovered that:

  • A small subset of our source code repositories for internal tooling for our MDR service was accessed by an unauthorized party outside of Rapid7
  • These repositories contained some internal credentials, which have all been rotated, and alert-related data for a subset of our MDR customers
  • No other corporate systems or production environments were accessed, and no unauthorized changes to these repositories were made

The repositories accessed by third-party contained internal credentials and alert-related data for a subset of its MDR (managed detection and response) customers. In response to the breach, the company reset the impacted credentials.

“We will update this notice if we learn new information that changes the scope of the impact described here. If you are a customer and have any questions or need further information, please contact your Account Team or email [email protected].” concludes Rapid7.

Please vote Security Affairs as Best Personal Blog

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, supply chain attack)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment