U.S. federal investigators are looking into an intrusion at San Francisco software auditing firm Codecov that affected an unspecified number of its 29,000 customers, according to the company, raising the possibility of knock-on security breaches that affect other companies.
Codecov said in a statement that hackers began to alter its software, which is used in the technology sector to check code for errors and weaknesses, on Jan. 31. The intrusion was discovered earlier this month, when a savvy user noticed something was different about the software, Codecov said.
While the implications of the breach remain unclear, the incident has drawn comparisons to the recent breach of Texas software company SolarWinds (SWI.N) by suspected Russian hackers, both because the breach may affect the numerous organizations that use Codecov and because of the length of time the compromised software was in use.
The company says it has 29,000 clients, including consumer products company Procter & Gamble Co (PG.N), web hosting company GoDaddy Inc (GDDY.N), The Washington Post and Australian software company Atlassian Corporation PLC (TEAM.O).
P&G, GoDaddy and The Post did not immediately respond to requests for comment. Atlassian said it was aware of the incident and was looking into the matter.
“At this moment, we have not found any evidence that we have been impacted nor have identified signs of a compromise,” Atlassian said in an email.
Codecov is used by “big enterprises, small companies and open source tools alike,” said Dor Atias, the founder of the Israeli source code security firm Cycode.
Subverting Codecov means “you can get a lot of data from a lot of big companies,” he said. “It’s a huge deal.”
Codecov said there was a federal probe into the matter but declined to provide any details beyond its statement.
The Federal Bureau of Investigation and Department of Homeland Security’s cybersecurity division did not respond to messages seeking clarification on Friday.