The inquiry into the security breach has uncovered the fact that 5.1 million documents were taken from the database maintained by the investigators.
In the aftermath of the breach
In the wake of the data breach, it has come to light that 29k April was a member of the security team of the Hacking Team. As part of this team, April’s responsibility was to investigate claims that an internal system had been breached.
The investigation has shown that on April 29, an anonymous hacker contacted Hacking Team’s system administrators through email to alert them to a data breach and demand a ransom for the data. The files that had been taken were accessible via a link in the email that led to a Dropbox account. After receiving this email, the security team at Hacking Team immediately started looking for any indications that their systems had been compromised. They also attempted, unsuccessfully, to get in contact with April, who was out of town at the time.
After evaluating the stolen data, our security experts concluded that there was no sign of a compromise in the Hacking Team’s networks. However, it looked like April had been fooled into handing over her credentials, which were then used to access her own email account. We suspect that the hacker obtained access to April’s network by sending her an email that included a malicious link or attachment (or by fooling her into clicking on a bogus website address), which compromised her laptop and enabled him to acquire access to the network.
April 29, 2019
Our investigation into the incident that occurred in March 2019 is still ongoing. We have determined that there were over 5.1 thousand lines of code in the release that was made on the 29th of April, whereas there were only 1.4 thousand lines of code in the release that was made on the 4th of April, during a time when we believe an intentional change was made to one or more files related to our test suite that would impact performance.
Code of Criminal Procedure Inquiries
Impact on Customers
Several clients that depend on Codecov’s services for automated code reviews and testing before deploying new software versions into production settings have expressed worry as a result of the event.
Organizations like IBM and Atlassian were fast to react by posting announcements telling users about the actions they were taking as a response to the intrusion in their systems (e.g., reviewing credentials associated with their accounts).
In a similar vein, it has been reported that government agencies such as NASA are in the process of reviewing all of the existing contracts that have been signed with Codecov, while at the same time temporarily suspending the signing of any new contracts until further notice. This is being done so that they can investigate potential vulnerabilities in their own systems that may have been exposed by this incident.
Details of the Data Breach
On the 15th of April, 2021, Codecov disclosed that an unauthorized actor had accessed their Bash Uploader script, which granted the intruder access to sensitive client data like API tokens, passwords, and user keys.
Further investigation revealed that the systems in question had been breached by attackers over a period of three months beginning on the 31st of January, 2021. During this period, it is thought that they were able to access client data; however, there has been no evidence to suggest that any consumer data was abused or stolen in any way.
Investigations into the Incident
Since the security flaw was discovered, investigators have been working diligently to determine its breadth and identify the types of information that may have been accessed by those responsible for the incident.
To do this, Codecov has been conducting interviews with witnesses and examining logs taken from its own systems as well as those taken from third-party services with which it interacts (such as cloud hosting providers).
Investigators have not found any proof of malicious behavior or inappropriate use of consumer data as of yet, but the investigations are still continuing.
April Satter Reuters Reports on Investigation
On April 23rd, 2021, Reuters released a report in which they detailed some of the conclusions they reached after conducting an investigation into the event.
“The attacker had gained full access to certain parts of [Codecov’s] computing infrastructure for more than three months,” their sources within Codecov’s internal security team stated. “The attacker could potentially have infiltrated large amounts of sensitive data or planted malicious code without detection.”
They also claimed that Codecov has discovered more potential entry points for attackers, which are now being researched further by the security teams of both Codecov and the third-party services with which they interface (such as cloud hosting providers).
Investigators are highly trained professionals who are able to assist you with your data breach. In the wake of a data breach, we have assisted a large number of businesses as well as individuals. We are able to assist you in the event that you believe there may have been a security breach at your firm. We have a significant amount of expertise conducting investigations into breaches and gathering evidence for governmental regulatory and criminal enforcement authorities. Please get in touch with us right away to find out more about the ways in which we might be of assistance.