The hack happened after the company used software from auditing company Codecov.
Cybersecurity firm Rapid7 announced this week that it has been the victim of a software supply chain breach. The incursion resulted in compromising customer data and partial source code that an attacker obtained by accessing the Codecov Bash uploader script.
Codecov is an online platform that provides hosted testing reports and statistics for users. The hack of the company dates back to January but Codecov did not detect the hack until April. Codecov said at the time that a hacker gained access because of an error on Codevoc’s Docker image creation process. That error allowed the extraction of credentials required to modify the company’s Bash Uploader scrip.
Rapid7 promises transparency about the incident
Rapid7 explained the breach in a blog post this week. The company said that upon becoming aware of the Codecov breach it immediately kicked off a security incident response process. “Cybersecurity is Rapid7’s top priority,” they wrote, “and when there is an incident that may pose a risk to our customers, we are transparent about it.”
“We also believe that providing this level of transparency ultimately helps the security community better address potential pending threats and safeguard themselves from future attacks. With this in mind, we want to share an update concerning the security incident disclosed by Codecov and its potential impact on our company and customers, and how we managed the event.”
The blog post explained that that Rapid7 only used the Codecov Bash Upload script on a single server used to test and build some internal tooling for its Managed Detection and Response service. They confirmed that an unauthorized party accessed a small subset of its source code repositories. These repositories are for internal tooling for Rapid7’s MDR service. But they also contained some internal credentials.
Those credentials have now all been rotated, with customers alerted.