Codecov hack aftermath: hundreds breached, many more to follow

Attackers who breached Codecov for over 2 months also reportedly hacked into hundreds of networks. The full extent of this incident will unfold over the coming weeks.

Ax Sharma
Apr 27, 2021

On April 1st, software testing firm Codecov became aware of a security incident.

The company learned that, for over two months, Codecov’s Bash Uploader scripts, used by hundreds or thousands of their customers, had been altered with a malicious line of code that exfiltrated information in the environment variables present in the users’ CI/CD environments to an attacker’s IP address.

Bash Uploader exfiltrated environment variables to attacker’s IP address (BleepingComputer)

The flaw stemmed from an error in Codecov’s Docker image creation process, which, according to Codecov, “allowed the actor to extract the credential required to modify our Bash Uploader script.”

Codecov provides code coverage, testing, and stats to over 29,000 companies, and even has a handy GitHub app to integrate the tool right within your open-source software project.

As such, the security advisory released by Codecov strongly advised users to reset all of their credentials, tokens, or keys that were present in the environment variables of any CI processes that used Codecov uploaders.
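As an added example (not from Codecov's advisory or the original article), the POSIX shell function below builds that rotation checklist from a CI job's environment, printing only variable names and never their values. The name and value patterns, the function names, and the sample variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn a CI job's environment into a credential rotation checklist.
# Emits variable NAMES and the reason they were flagged, never the values.

# Reads NAME=value lines on stdin (the format `env` prints) and writes
# "NAME<TAB>reason" for every variable that looks like a credential.
rotation_candidates() {
  while IFS= read -r line; do
    case $line in *=*) ;; *) continue ;; esac   # no '=': continuation of a multi-line value
    name=${line%%=*}
    value=${line#*=}
    case $name in ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;; esac   # not a variable name
    [ -n "$value" ] || continue                 # empty value: nothing to rotate
    upper=$(printf '%s' "$name" | tr 'a-z' 'A-Z')
    case $upper in
      # Name heuristics (assumption: extend for your own naming scheme).
      *TOKEN*|*SECRET*|*PASSWORD*|*PASSWD*|*API_KEY*|*APIKEY*|*ACCESS_KEY*|*PRIVATE_KEY*|*CREDENTIAL*)
        reason=name ;;
      *)
        case $value in
          # Value heuristics: user:password@ in a URL, or a PEM private key header.
          *://*:*@*|*'-----BEGIN '*'PRIVATE KEY-----'*) reason=value ;;
          *) continue ;;
        esac ;;
    esac
    printf '%s\t%s\n' "$name" "$reason"
  done | LC_ALL=C sort -u
}

# Constructed sample environment (all values are placeholders).
sample_env() {
  cat <<'EOF'
CI=true
HOME=/home/runner
CODECOV_TOKEN=constructed-0000
AWS_SECRET_ACCESS_KEY=constructed-1111
npm_token=constructed-2222
DATABASE_URL=postgres://ci:constructed-3333@db.example.internal/app
DEPLOY_KEY=-----BEGIN OPENSSH PRIVATE KEY-----
Y29uc3RydWN0ZWQ=
-----END OPENSSH PRIVATE KEY-----
EMPTY_TOKEN=
EOF
}

# Demo on the sample; in a real CI job use: env | rotation_candidates
sample_env | rotation_candidates
```

The checklist only covers secrets exposed as environment variables in the job where it runs, so run it in every pipeline that invoked the uploader during the affected window.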


The original post has been moved to Security Report due to multiple concerns about Medium expressed by many users [1, 2, 3].