Security firm Rapid7 has confirmed attackers have accessed a subset of its source code, which contained internal credentials and alert-related data, following an investigation launched after the Codecov supply chain attack.
Codecov, which provides tools to verify how well software tests cover code in development, announced the attack on April 15. Attackers had modified its Bash Uploader Script to export sensitive data, including credentials, software tokens, and keys, Codecov said. It advised clients to create a list of credentials that its software could access and consider them compromised.
Rapid7 launched an incident response process. It notes its use of the Bash Uploader script was limited; it had been deployed on a continuous integration server used to test and build internal tooling for its managed detection and response (MDR) service.
The investigation revealed unauthorized attackers accessed "a small subset" of Rapid7 source code repositories for internal tooling for its MDR service. Repositories contained some internal credentials, which the company says have been rotated, as well as alert-related data for some of its MDR customers. No other corporate systems or production environments were accessed.
Affected clients have been notified.
Read Rapid7's full blog post for more information.