Hackers have breached hundreds of firms belonging to San Francisco based Codecov after repurposing a software development tool to gain restricted access.
Codecov is a developer of software auditing tools, allowing software devs to see how well their code is performing within a given system. This process gives the program access to stored credentials over various accounts in the process.
Hackers used the automated auditing software to quickly copy these credentials and push the attack into further systems, expanding the data breach beyond just Codecov’s systems. The attack specifically targeted makers of software development programs and companies who have large bases of users who routinely make use of tech services, such as IBM.
This method could allow hackers to gain credentials for thousands of systems and networks according to anonymous investigators.
IBM released a statement saying that their code had not been altered as a result of the breach, but also did not confirm or deny that credentials had been stolen. An IBM spokeswoman has said that they are currently investigating the breach, but so far have found no cause for concern.
It is currently unclear who is responsible for the breach or if the attack was carried out by a foreign government according to investigators on the case.
Codecov had disclosed that hackers were tampering with parts of its software earlier in 2021, detected in March due to a customer complaint.
© Fourth Estate
® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.