The US is investigating the code test hack that could affect thousands of companies

A recent breach has sparked fears of another SolarWinds-style hack that could have ramifications for many large companies. Reuters reports that federal officials are investigating a hack at Codecov, a code testing firm with 29,000 customers that include Procter & Gamble, the Washington Post and technology companies like Atlassian and GoDaddy. The intrusion appears to have lasted for months, endangering customers.

Codecov said the attackers exploited a flaw in a Docker image creation process to make “periodic, unauthorized” changes to the Bash Uploader script since Jan. 31. The changes gave the hackers the power to export customer information and send it to an external server. However, Codecov learned of the incident only on April 1. The team refreshed its internal connections, set up audit and monitoring systems, and asked the hosting provider to shut down the server, but was not sure how many clients were affected.
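The practical defence against a quietly altered uploader is to pin the script to a known hash and refuse to run it when the hash changes. The shell script below is an added illustration, not Codecov's own code or tooling; the script contents, the tampered line and the hashes are all constructed for the demo, and nothing is downloaded.

```shell
# Added example (not Codecov's code): run a downloaded CI helper script only
# when its SHA-256 matches a hash pinned in the repository, so a silently
# modified uploader is rejected instead of executed. All data is constructed.

# SHA-256 of a file; portable across GNU coreutils and BSD/macOS shasum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_and_run FILE EXPECTED_HASH: execute FILE only when its hash equals
# EXPECTED_HASH (return 0); otherwise run nothing and return 1. A CI job calls
# this instead of piping the download straight into bash.
verify_and_run() {
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "refusing to run $1: hash $actual does not match pinned $2" >&2
        return 1
    fi
    sh "$1"
}

# Constructed stand-in for the uploader as originally published.
make_good_script() {
    printf '#!/bin/sh\necho "uploading coverage report"\n' > "$1"
}
# The same script with one appended line, the kind of small change that went
# unnoticed for months in the incident described above.
make_tampered_script() {
    make_good_script "$1"
    printf 'echo "also sending the CI environment to an external server"\n' >> "$1"
}

# Pin the hash of the good script, then show the tampered copy is rejected.
demo() {
    dir=$(mktemp -d) || return 1
    make_good_script "$dir/uploader.sh"
    pinned=$(sha256_of "$dir/uploader.sh")   # in practice committed with the CI config
    verify_and_run "$dir/uploader.sh" "$pinned" || { rm -rf "$dir"; return 1; }
    make_tampered_script "$dir/uploader.sh"
    if verify_and_run "$dir/uploader.sh" "$pinned"; then
        rm -rf "$dir"; return 1              # the tampered copy must never run
    fi
    rm -rf "$dir"
}
```

Calling `demo` exercises both paths: the pinned script runs, and the same file with one extra line is refused. Rotating the pinned hash then becomes a reviewed change in version control rather than something that happens silently on a vendor's server.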

A Codecov spokesman declined to comment on the incident beyond the statement confirming federal involvement. Atlassian said it saw no evidence that it was affected, but Procter & Gamble and other companies did not initially respond to Reuters' requests for comment.

The concern, as you might imagine, is that the attackers could have obtained sensitive data from Codecov customers without giving them a chance to respond or notify their own users. It could be a minor incident if the attackers did not exploit the flaw, but it could also be a crisis if there were successful thefts.
