Rapid7’s Response to Codecov Incident


Cybersecurity is Rapid7’s top priority, and when there is an incident that may pose a risk to our customers, we are transparent about it. We also believe that providing this level of transparency ultimately helps the security community better address potential pending threats and safeguard themselves from future attacks. With this in mind, we want to share an update concerning the security incident disclosed by Codecov and its potential impact on our company and customers, and how we managed the event.


What happened


On April 15, 2021, Codecov, a provider of code coverage solutions, announced a supply chain incident in which a malicious party gained access to Codecov’s Bash Uploader script and modified it, enabling the attacker to export data stored in environment variables on Codecov customers’ continuous integration (CI) systems to an attacker-controlled server. Codecov’s disclosure with more details is available at https://about.codecov.io/security-update/.


When we learned of this incident, we immediately kicked off our security incident response process. Our use of Codecov’s Bash Uploader script was limited: it was set up on a single CI server used to test and build some internal tooling for our Managed Detection and Response (MDR) service. We were not using Codecov on any CI server used for product code.  


Like other Codecov customers, we have been actively investigating this incident in our environment, and after a thorough review and validation from a leading external cybersecurity forensics firm, we determined the following:


A small subset of our source code repositories for internal tooling for our MDR service was accessed by an unauthorized party outside of Rapid7
These repositories contained some internal credentials, which have all been rotated, and alert-related data for a subse ..
