Codecov 29k Jan. Aprilsatterreuters

U.S. federal investigators are looking into an intrusion at the Software auditing company based in San Francisco Codecov which affected an unspecified amount of its 29,000 customers Codecov said in a statement it was investigating knock-on security breaches that affect other companies.

Codecov announced in a press release that hackers began to alter its software – used throughout technology to examine code for errors and weaknesses – as of the morning of Jan. 31. The intrusion was discovered earlier in the month, when a savvy user noticed something was different with the software, Codecov said.

The implications of the incident are not clear the incident has drawn similarities to the recent hacking of Texas software company SolarWinds (SWI.N) through suspected Russian hackers, not only as the breach could cause consequences that follow on to several of the companies which use Codecov and due to the time span that the compromised software was in use.

The company claims in its site that they have 29,000 customers, including the consumer merchandise company Procter & Gamble Co, (PG.N) web hosting company GoDaddy Inc, (GDDY.N) The Washington Post, and Australian software company Atlassian Corporation PLC. (TEAM.O)

P&G, GoDaddy, and The Post did not immediately respond to messages asking for comment. Atlassian claimed they were aware of the incident and was conducting an investigation.

“At this moment, we have not found any evidence that we have been impacted nor have identified signs of a compromise,” Atlassian declared via email.

Codecov is utilized in “big enterprises, small companies and open source tools alike,” said Dor Atias, the founder of Israeli security firm for source code Cycode.

Subverting Codecov is “you can get a lot of data from a lot of big companies,” he added. “It’s a huge deal.”

Codecov stated that there was a federal probe into the matter however, it declined to provide any further details on the statement.

The Federal Bureau of Investigation and Department of Homeland Security’s cybersecurity department did not respond to message seeking clarification on Friday.

2 COMMENTS