A leaked Codecov script revealed a proprietary code-signing key, according to a post on the discussion site of open-source organization HashiCorp.
Codecov, a company that produces software auditing applications that let developers see how thoroughly their code is reviewed, announced earlier this month that the script used to upload data to its servers had been tampered with by unknown actors. Because Codecov's tools provide access to internal accounts, the tampered script took advantage of that access and exported passwords to an unauthorized site.
Last week, Jamie Finnigan, director of product protection at HashiCorp, posted on the company’s discussion platform that HashiCorp was one of Codecov’s customers impacted by the tampered script.
To Read More: Venture Beat