CPaaS company Twilio has fallen victim to the Codecov breach. Via the vulnerability in Codecov’s software, an attacker managed to copy some of the company’s GitHub repositories.
Last month, it became known that software auditing company Codecov had fallen victim to a hack. An attacker had managed to add a backdoor to the company’s Bash Uploader script. This gave the attacker access to the data of all Codecov customers who used the script.
Email addresses captured
Twilio now appears to be one of the companies duped by this attack. In a blog post, the company explains that after the Codecov leak was discovered, it immediately started an investigation into the possible consequences for Twilio. This showed that a small number of e-mail addresses may have been stolen. Twilio has informed the owners of the affected addresses and has fixed the vulnerabilities.
Copy of GitHub repository
A week later, on 22 April, Twilio received a message from GitHub that suspicious activity had been detected around their GitHub repositories. As it turns out, an attacker had managed to clone some repositories in the period before Codecov went public with the hack. One of these repositories contained a small number of email addresses of Twilio customers. Apart from these and the previously leaked email addresses, no customer data seems to have been captured.
To prevent such data leaks from happening again, Twilio promises to constantly scan its repositories for the presence of secret information with an internal service called Deadshot. These scans are checked manually.
Other victims likely out there
Who is behind the Codecov attack remains unknown. The company says it is working with the relevant authorities to investigate the incident. It is likely that many other companies have fallen victim to the hack in addition to Twilio, but reports of this are rare to date.