Codecov Hackers Accessed Monday.com Source Code

Share post:

Online workflow management platform, Monday.com said it found that unauthorized actors had gained access to a read-only copy of their source code after investigating the Codecov breach and its impact on the organization.

In the F-1 form filed this week with the U.S. Securities and Exchange Commission, the company also stated that there was no evidence that the source code was tampered with by the attackers or that any of the company’s products were affected by the breach.

The company added: “The attacker did access a file containing a list of certain URLs pointing to publicly broadcasted customer forms and views hosted on our platform and we have contacted the relevant customers to inform them how to regenerate these URLs.”

Prior to this week’s release, the company, which is also a Codecov customer, said it had to remove Codecov’s access to its environment and stop using the service completely after the Codecov supply chain attack was discovered.

The company’s security team said: “Upon learning of this issue, we took immediate mitigation steps, including revoking Codecov access, discontinuing our use of Codecov’s service, rotating keys for all of monday.com’s production and development environments, and retaining leading cybersecurity forensic experts to assist with our investigation.”

For more information, read the original story in Bleeping Computer.

SUBSCRIBE NOW

Related articles

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Avery Data Breach: Credit Card Skimmer Affects Over 61,000 Customers

Label maker Avery has disclosed a data breach affecting 61,193 customers, caused by a credit card skimmer that...

Scammed Company Ordered to Pay $190k for Fraudulent Invoice Payment

A hacker gained access to Mobius Group’s email system and sent instructions from a legitimate email address, directing...

Sneaky 2FA: A Sophisticated Attack Defeats Both 2FA and Phishing Protections

A new phishing kit, ominously named "Sneaky 2FA," has emerged, targeting Microsoft 365 users by bypassing two-factor authentication...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways