Source code and credentials belonging to cybersecurity company Rapid7 were accessed by an unauthorized third party during a supply-chain attack on Codecov. Starting on January 31, hackers gained restricted access to hundreds of networks belonging to Codecov's customers by tampering with one of the San Francisco–based company's software development tools. Codecov, whose customers include IBM and Hewlett-Packard, announced on April 15 that a malicious party had gained access to its Bash Uploader script and modified it. "The actor gained access because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script," stated Codecov.