Following an investigation launched after the Codecov supply chain attack, security firm Rapid7 has reported that attackers gained access to a subset of its source code, which contained alert-related data and internal credentials.
The attack was announced on April 15 by Codecov, a company that offers tools for measuring how well software tests cover code under development. According to Codecov, attackers modified its Bash Uploader script to export sensitive data such as software tokens, credentials, and keys. It instructed clients to make a list of the credentials their software could access and to consider them compromised.
Read more: Dark Reading