"enabled them to potentially export information stored in our users' continuous integration (CI) environments."
Our tokens for GitHub were exposed and transferred to a 3rd party. I'm revoking my credentials now and that might break CI. I'll ping some others that I suspect are impacted.

On Thu, Apr 15, 2021, 7:47 AM Marco de Abreu <marco.g.ab...@gmail.com> wrote:

> Hi dev@,
>
> I created the codecov account for MXNet and just got this security notice.
> Could somebody please have a look at it?
>
> Best regards
> Marco
>
> ---------- Forwarded message ---------
> From: Codecov Security <secur...@codecov.io>
> Date: Thu, Apr 15, 2021 at 3:05 PM
> Subject: Bash Uploader Security Notice
> To: <marco.g.ab...@gmail.com>
>
> Security Notice
>
> Dear Codecov User:
>
> On Thursday, April 1st, we learned that someone had gained unauthorized
> access to our Bash Uploader script and modified it without our permission.
> The actor gained access because of an error in Codecov’s Docker image
> creation process that allowed the actor to extract the credential required
> to modify our Bash Uploader script.
>
> *Unfortunately, we can confirm that you were impacted by this security
> event.*
>
> We strongly recommend taking action by reading our security notice about
> this event to understand how you are impacted and next steps you should
> take.
>
> Have questions about this security update?
> Please view our FAQs for more information on this update.
>
> Codecov creates the best way for all development teams to trust each other
> and the code that they collectively write, in the past, present and future.