investigators codecov 29k aprilsatterreuters

The investigation into the data breach found that 5.1 million documents were stolen from the investigators‘ database.

In the aftermath of the breach

  • 29k April has been identified by the Hacking Team’s security team as the team member tasked with investigating reports that an internal system had been compromised.
  • According to the investigation, on April 29, an unnamed hacker sent an email to Hacking Team’s system administrators informing them of the data theft and requesting money. A link to the Dropbox account where the stolen data were stored was also provided in the email. After receiving this email, the Hacking Team security team began investigating their systems for signs of compromise. They also made futile efforts to get in touch with April, who was out of the region.
  • When our security specialists analyzed the stolen data, they discovered no evidence that the networks of the Hacking Team had been infiltrated. Yet it seemed that April had been tricked into divulging her login information and had used it to access her email account. We believe the hacker gained access to April’s network by tricking her into visiting a fake website address or by sending her an email that included a malicious link or file, both of which broke her laptop and allowed the hacker access to the network.


April 29, 2019

Investigations into the event from March 2019 continue. We discovered that there were more than 5.1k lines of code in the April 29th release compared to just 1.4K lines of code in the April 4th release, indicating that there may have been a deliberate modification made to one or more files relevant to our test suite that would have an impact on performance.

investigators codec

investigation codec

March 29th

Investigators Codecov 29k AprilSatterReuters

History of Codecov

Developers may use the automated code review tool Codecov to discover errors in their source code before sending it to customers. Both governmental agencies like NASA and software companies like IBM and Atlassian often use the platform.

Information about the Data Breach

On April 15, 2021, Codecov reported that an unauthorized party had acquired access to their Bash Uploader script and obtained sensitive customer data, including API tokens, passwords, and user keys.

According to our study, these systems have been compromised over three months starting on January 31st, 2021. While it is believed that they had access to customer information throughout this time, there has been no indication that any of it was stolen or misused.

Investigations into the Incident

Since the breach was detected, security investigators have been actively working to understand what data the attackers may have stolen and to identify the scope of the incident.

For this, it has been required to speak with witnesses and examine logs from both Codecov’s systems and those of third-party services they interface with (such as cloud hosting providers).

Authorities are still examining, but they have not yet discovered any evidence of illegal activity or misuse of customer data.

April Satter Reuters Reports on Investigation

On April 23, 2021, Reuters published an article summarizing some of their investigation’s findings on the incident.

According to their sources in the internal security team at Codecov, the attacker “had gained full access to certain parts of [Codecov’s] computing infrastructure for more than three months and could have potentially exfiltrated large amounts of sensitive data or planted malicious code without detection.”

Moreover, they disclosed that security teams at Codecov and the third-party services they use have been looking into other possible entry points for attackers that Codecov has found (such as cloud hosting providers).

Impact on Customers

The problem worries several customers that rely on Codecov’s services for automated code reviews and testing before releasing new software versions into live environments.

Companies like IBM and Atlassian were quick to issue statements informing consumers of the responses they were taking in the wake of the occurrence (e.g., reviewing credentials associated with their accounts).

Simultaneous to this, it has been reported that government agencies like NASA are reviewing any existing contracts established with Codecov and temporarily stopping new ones till further notice as they look into any potential security flaws in their systems that may have been exposed by this incident.


Investigators are professionals that can help you with your data breach. We have helped several organizations and individuals after a data breach. If you think your company may have been hacked, we can help. If you think that your company has had a data breach, we can also help. We have years of experience conducting investigations into infractions and acquiring evidence for law enforcement and regulatory bodies. Please get in touch with us as soon as possible to find out how we can help.

Leave a Reply

Your email address will not be published. Required fields are marked *