U.S. federal investigators are probing an intrusion at Codecov, a San Francisco-based software auditing firm, that affected an unspecified portion of its 29,000 customers. Codecov said in a statement that it was looking into security breaches that could have knock-on effects for other businesses.
Codecov said in an announcement that hackers began modifying the software, which is used in the technology sector to check code for weaknesses and errors, on January 31. The intrusion was discovered at the beginning of the month after an astute user noticed that something was off in the software, Codecov said.
The implications of this incident are unclear. The incident has drawn parallels to the recent hack of Texas software company SolarWinds (SWI.N) by suspected Russian hackers, both because the breach could have negative consequences for many of the companies that use Codecov and because of the length of time the compromised software was in use.
The company says on its website that it has 29,000 clients, including consumer goods firm Procter & Gamble Co (PG.N), web hosting company GoDaddy Inc (GDDY.N), The Washington Post, and Australian software company Atlassian Corporation PLC (TEAM.O).
P&G, GoDaddy, and The Post did not immediately respond to requests for comment. Atlassian said it was aware of the incident and was investigating.
“At this moment, we have not found any evidence that we have been impacted nor have identified signs of a compromise,” Atlassian stated in an email.
Codecov is used by “big enterprises, small companies and open source tools alike,” said Dor Atias, co-founder of Israeli source code security company Cycode.
A key reason to subvert Codecov is that “you can get a lot of data from a lot of big companies,” he said. “It’s an enormous deal.”
Codecov disclosed the existence of a federal investigation into the issue, but the company declined to provide additional details beyond the statement.
The Federal Bureau of Investigation and the Department of Homeland Security’s cybersecurity division did not respond to a request for clarification on the matter last Friday.