Data Beach

Rapid7 has Disclosed that Some Code Repositories were Accessed in Codecov Supply-Chain Attack

Cybersecurity vendor Rapid7 disclosed it was among the victims of the Codecov software supply chain attack and warned that data for a subset of its customers were accessed in the breach.

Codecov Supply-Chain Attack

On April 15, 2021, the software company Codecov, a provider of code coverage solutions, announced a supply chain incident in which a malicious party gained access to Codecov’s Bash Uploader script and modified it, enabling the attacker to export data stored in environment variables on Codecov customers’ continuous integration (CI) systems to an attacker-controlled server.

The malicious code would allow the attacker to intercept uploads and scan and collect any sensitive information, including credentials, tokens, or keys. Hundreds of clients were potentially impacted, and now, Rapid7 has confirmed that the company was one of them.

Rapid7 says, “Our use of Codecov’s Bash Uploader script was limited: it was set up on a single CI server used to test and build some internal tooling for our Managed Detection and Response (MDR) service. We were not using Codecov on any CI server used for product code.” 

After the disclosure of the Codecov supply chain attack, the company launched an internal investigation to determine the potential impact on its infrastructure.

The experts discovered that:

  • A small subset of source code repositories for internal tooling for our MDR service was accessed by an unauthorized party outside of Rapid7
  • These repositories contained some internal credentials, which have all been rotated, and alert-related data for a subset of our MDR customers
  • No other corporate systems or production environments were accessed, and no unauthorized changes to these repositories were made

The repositories accessed by third-party contained internal credentials and alert-related data for a subset of its MDR (Managed Detection and Response) customers. In response to the breach, the company reset the impacted credentials.

Codecov has removed the unauthorized actor from its systems and is setting up monitoring and auditing tools to attempt and prevent another supply chain attack from occurring in the future.

Rapid7 have contacted the small subset of customers who may be impacted by this incident to ensure they take appropriate steps to mitigate any potential risk.

 “We will update this notice if we learn new information that changes the scope of the impact described here. If you are a customer and have any questions or need further information, please contact your Account Team or email”, concludes Rapid7.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data

In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…

10 hours ago

Is Your Online Store Hacked in a Carding Attack? Here’s an Action Plan to Protect

Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…

14 hours ago

Google Researchers Find Out How ChatGPT Queries Can Collect Personal Data

The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…

14 hours ago

New Android Malware Employs Various Tactics to Deceive Malware Analyst

In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…

16 hours ago

DJvu Ransomware Mimic as Cracked Software to Compromise Computers

A recent campaign has been observed to be delivering DJvu ransomware through a loader that…

17 hours ago

Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data

In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…

18 hours ago