On April 16, Reuters reported that U.S. federal authorities are looking into an infiltration at the San Francisco-based software auditing company Codecov that, according to the company, harmed an undetermined number of its 29,000 customers and raised the possibility of further intrusions at other businesses.
In a statement, Codecov claimed that on January 31, hackers started tampering with its software, which is used by the tech industry to test code for errors and vulnerabilities. However, the incursion wasn’t discovered until earlier this month when a perceptive user observed something odd with the tool, according to Codecov.
Although the consequences of the incident are still unknown, the hack drew comparisons to the recent hack of Texas software company SolarWinds (SWI.N) by allegedly Russian hackers, both because the Codecov breach may have repercussions at many of the organizations that use it and because of how long the modified software was in use.
The Washington Post, web hosting provider GoDaddy Inc., consumer products conglomerate Procter & Gamble Co. (PG.N), and Australian software company Atlassian Corporation PLC (TEAM.O) are among the 29,000 clients listed on the company’s website.
P&G, GoDaddy, and The Post did not immediately respond to requests for comment. Atlassian stated that it was aware of the issue and was looking into it.
In an email, Atlassian stated, “At this time, we have not discovered any evidence that we have been impacted nor have we identified signs of a compromise.”
According to Dor Atias of the Israeli source code protection company Code, Codecov is used by “large firms, small businesses, and open source tools equally.”
He claimed that by subverting Codecov, “you can access a lot of data from a lot of significant corporations.” “It is a big deal.”
Codecov stated that a government probe into the situation was continuing but chose not to provide further details.
On Friday, messages left for the Federal Bureau of Investigation and the Department of Homeland Security’s cybersecurity division went unanswered.