Codecov Attackers Gained Access to Monday.com Source Code

Monday.com has recently disclosed the impact of the Codecov supply-chain attack, which affected multiple companies. Monday.com is an online workflow management platform used by project managers, sales and CRM professionals, marketing teams, and various other organizational departments. The platform’s clients include prominent businesses like Uber, BBC Studios, Adobe, Universal, Hulu, L’Oreal, Coca-Cola, and Unilever.

It was reported last month that the code coverage tool Codecov had been the victim of a supply-chain attack that lasted for approximately two months. During that period, the attackers modified the legitimate Codecov Bash Uploader tool to steal environment variables (containing sensitive information such as keys, tokens, and credentials) from Codecov customers’ CI/CD environments. Using the stolen credentials, the Codecov attackers reportedly breached hundreds of customer networks.

Codecov customer Monday.com has recently announced that it was impacted by the Codecov supply-chain attack. After its investigation into the Codecov breach, Monday.com found that unauthorized actors had gained access to a read-only copy of its source code.
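The attack described above worked because the uploader was fetched and executed without any check that the bytes were the ones the publisher released. The following is an added example (not Codecov's or Monday.com's code) of the pin-and-verify gate a CI job can put in front of such a step: the pipeline keeps the SHA-256 of the uploader release it expects and refuses to run anything that hashes differently. The script contents and the pinned digest are constructed stand-ins for the demonstration, not the real uploader.

```python
"""Pin-and-verify gate for a fetched CI helper script.

Added example; it assumes the pipeline stores PINNED_SHA256 out-of-band
(copied from the publisher's release note, not from the download server)
and obtains the script bytes separately before deciding whether to run them.
"""
import hashlib
import hmac

# Constructed stand-in for the legitimate uploader as released.
LEGIT_SCRIPT = b"""#!/bin/bash
# upload the coverage report produced by the test stage
curl -sS -X POST --data-binary @coverage.xml "$UPLOAD_URL"
"""

# Constructed stand-in for a tampered copy: any inserted line, however small,
# changes the digest, which is all the gate needs to notice.
TAMPERED_SCRIPT = LEGIT_SCRIPT + b"# extra line inserted after release\n"

# In a real pipeline this value is pinned in the repository or CI settings;
# here it is computed from the constructed script so the example runs offline.
PINNED_SHA256 = hashlib.sha256(LEGIT_SCRIPT).hexdigest()


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the fetched bytes."""
    return hashlib.sha256(data).hexdigest()


def verify_script(script: bytes, expected_sha256: str) -> bool:
    """True only if the fetched bytes hash to the pinned value.

    compare_digest avoids timing differences; strip/lower tolerate the
    whitespace and case variations found in copied release notes.
    """
    return hmac.compare_digest(sha256_hex(script), expected_sha256.strip().lower())


def decide(script: bytes, expected_sha256: str) -> str:
    """Gate for a 'curl | bash' style step: 'run' or 'refuse'."""
    return "run" if verify_script(script, expected_sha256) else "refuse"


if __name__ == "__main__":
    print("released copy:", decide(LEGIT_SCRIPT, PINNED_SHA256))
    print("tampered copy:", decide(TAMPERED_SCRIPT, PINNED_SHA256))
```

The check is only as strong as the provenance of the pinned digest: a hash fetched from the same server as the script at run time can be replaced along with the script, so the expected value has to come from the release channel and live in version control or CI configuration.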
Codecov users should scan their CI/CD environments and networks for any signs of compromise and, as a safeguard, rotate all secrets that may have been exposed. It is also advisable to change user credentials associated with Codecov to stop further malicious use of the stolen credentials.
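Rotating "all secrets that may have been exposed" starts with knowing which variables the job environment actually carried. The following is an added example (not code from Codecov or Monday.com) that inventories secret-bearing environment variables and produces a redacted rotation list suitable for a ticket. The variable names and values are constructed, and the name and value patterns are an assumption about common naming conventions that a team would tune for its own pipelines.

```python
"""Inventory of secret-like environment variables in a CI job.

Added example. Run it inside the job (or over a captured env dump) to get
the list of names to rotate; values are never written out in full.
"""
import os
import re

# Name fragments that usually mark a credential. Assumption: extend per org.
SECRET_NAME_RE = re.compile(
    r"(TOKEN|SECRET|PASS(WORD)?|CREDENTIAL|API_?KEY|ACCESS_?KEY|PRIVATE_?KEY|AUTH)",
    re.IGNORECASE,
)
# Long opaque strings look like keys even when the variable name is bland.
OPAQUE_VALUE_RE = re.compile(r"^[A-Za-z0-9_\-+/=]{32,}$")


def is_secret_like(name: str, value: str) -> bool:
    """Flag by name pattern or by an opaque, key-shaped value."""
    return bool(SECRET_NAME_RE.search(name)) or bool(OPAQUE_VALUE_RE.match(value))


def rotation_list(env: dict) -> list:
    """Sorted names of variables that should be treated as exposed."""
    return sorted(n for n, v in env.items() if is_secret_like(n, v))


def redacted_report(env: dict) -> list:
    """One line per flagged variable: name, a short tail, and length, never the value."""
    lines = []
    for name in rotation_list(env):
        value = env[name]
        tail = value[-4:] if len(value) >= 8 else "****"
        lines.append(f"{name}: ends with ...{tail}, length {len(value)}")
    return lines


def from_current_process() -> list:
    """Apply the inventory to this process's own environment."""
    return rotation_list(dict(os.environ))


# Constructed sample of what a CI job's environment might look like.
SAMPLE_ENV = {
    "HOME": "/home/ci",
    "PATH": "/usr/bin:/bin",
    "BUILD_NUMBER": "1234",
    "GITHUB_TOKEN": "ghp_constructedDemoValue0000000000",
    "AWS_SECRET_ACCESS_KEY": "constructedDemoAwsSecretValue0000000",
    "DB_PASSWORD": "hunter2",
    "DEPLOY_CREDENTIALS_JSON": "{...}",
    "SIGNING_BLOB": "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5",
}

if __name__ == "__main__":
    for line in redacted_report(SAMPLE_ENV):
        print(line)
```

The opaque-value rule is what catches a key stored under an innocuous name such as SIGNING_BLOB; the name rule is what catches a short password that would otherwise pass as ordinary text. Anything the job exported during the window of exposure belongs on the list regardless of whether it is still in use today.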