Cloud communications company Twilio published a blog post on Tuesday disclosing that a small number of its users' emails were compromised in the Codecov supply-chain attack by unidentified threat actors.
According to reports from last month, the code coverage tool Codecov was the victim of a supply-chain attack that lasted for two months. Twilio said that the security of its users and products is its first priority, and that it regards this attack as disturbing news for the organization as well as for its customers. The company also said it wanted to briefly describe the Codecov vulnerability it experienced, the impact it had on Twilio, and how the company managed it.
"On April 22, 2021, we received a notification from GitHub.com that suspicious activity had been detected related to the Codecov event and a Twilio user token that had been exposed…"
"…GitHub.com had identified a set of GitHub repositories that had been cloned by the attacker in the time before we were notified by Codecov," the company said.
In a recent post, Twilio disclosed that it uses Codecov code coverage tools, including the compromised Bash Uploader script, in a number of its projects. As soon as the company learned of the incident and found that some of its customers had been targeted, it reviewed its security measures, warned the impacted customers, and rotated all "potentially exposed credentials and secrets."
Additionally, the company concluded its blog post by saying that there are no signals of any other custome ..