GovInfoSecurity Compliance DougOlenick) • April 16, 2021 Get Permission Codecov, a company that tests software code prior to release, has notified customers that attackers had access to its network for a month and placed malware in one of its systems, which may have led to the exfiltration of customers' information. The company says it learned from a customer on April 1 that attackers had gained access to its Docker image creation process and extracted the credentials needed to access and modify the company's Bash Uploader and other internal systems. An investigation determined the attackers routinely accessed the company's network for about a month. "Our investigation has determined that beginning Jan. 31, 2021, there were periodic, unauthorized alterations of our Bash Uploader script by a third party, which enabled them to potentially export information stored in our users' continuous integration environments. This information was then sent to a third-party server outside of Codecov's infrastructure," the company says.