[BreachExchange] Twilio Impacted By The Recent Codecov Supply-Chain Attack

Destry Winant destry at riskbasedsecurity.com
Fri May 7 10:37:21 EDT 2021 

https://www.ehackingnews.com/2021/05/twilio-impacted-by-recent-codecov.html

Cloud Communications Company ‘Twilio’ has posted a blog on Tuesday and
unfolded that its small number of users' emails have been penetrated by the
Codecov supply chain attack by unidentified threat actors.

As per some of last month's reports, the most simplified code coverage tool
Codecov was a victim of a supply-chain attack that lasted for two months.
Twilio said that the security of its users and products is the first
priority but as of now, they are seeing this cyberattack as a piece of
disturbing news for the organization and as well as for their customers.
Additionally, they wanted to inform us briefly about the Codecov
vulnerability that they have experienced and about the impact that it
leftover on them, and lastly how they had managed it.

"On April 22, 2021, we received a notification from GitHub.com that
suspicious activity had been detected related to the Codecov event and a
Twilio user token that had been exposed…”

"…GitHub.com had identified a set of GitHub repositories that had been
cloned by the attacker in the time before we were notified by Codecov," as
per the company.

In a recent post, Twilio disclosed that the firm uses Codecov code coverage
tools, including the compromised Bash Uploader script, in a number of its
projects. As soon as the company got to know about the incident and found
out that some of its customers have been targeted, they reviewed their
security measures while warning the impacted customers and rotating all
"potentially exposed credentials and secrets."

Additionally, the company concluded its blog post by saying that there are
no signals of any other customer data been accessed or at risk.

"This process ensures our technology supply chain always meets our
standards for security. When we become aware of an incident or
vulnerability within that supply chain, we move quickly to remediate the
issue or remove the software from our environment," the post reads.

Twilio has become the second known organization that has witnessed a
security attack related to the supply chain attack involving Codecov. Cloud
Cyber Security person HashiCorp had disclosed a breach publically on April
22. Interestingly, like Twilio, a key action that the company took was
rotating attacked information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210507/12806dff/attachment.html>

More information about the BreachExchange mailing list