US federal authorities are investigating a security breach suffered by software auditing company Codecov.
While Codecov has emailed all affected users, the nature of the changes to its Bash Uploader script potentially puts thousands of customers at risk.
Analysis of the breach suggests the threat actor took advantage of a shortcoming in Codecov’s Docker image creation process, which allowed them to extract the credentials necessary to modify the Bash Uploader script.
Worryingly, it has emerged that the script was tampered with several times and the earliest unauthorized modification dates back to January 31, 2021.
As per reports, the intrusion was only detected several months later on April 1, thanks to a customer who noticed that there was something amiss.
In its statement, Codecov warns that any customers who have executed the tampered Bash Uploader script run the risk of losing the credentials, tokens, or keys stored in their continuous integration (CI) environments.
While Codecov has taken a number of steps to address the breach, the attack has triggered fears of a SolarWinds-scale supply chain attack, primarily because of the length of time the tampered script remained in use and given the size of Codecov’s customer base.
Codecov has announced that a federal investigation into the incident is in progress.