Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireCybersecurity News

Rapid7 victim of a software supply chain breach

data breach
May 18, 2021

Rapid7 has disclosed that the attackers behind the Codecov breach had accessed some of the company's source code using a previously compromised Bash Uploader script from Codecov.

On April 15, 2021, Codecov, a provider of code coverage solutions, announced a supply chain incident in which a malicious party gained access to Codecov’s Bash Uploader script and modified it, enabling the attacker to export data stored in environment variables on Codecov customers’ continuous integration (CI) systems to an attacker-controlled server. Codecov’s disclosure with more details is available at https://about.codecov.io/security-update/.

In a statement, Rapid7 said, "When we learned of this incident, we immediately kicked off our security incident response process. Our use of Codecov’s Bash Uploader script was limited: it was set up on a single CI server used to test and build some internal tooling for our Managed Detection and Response (MDR) service. We were not using Codecov on any CI server used for product code."

Rapid7's investigation determined that a small subset of their source code repositories for internal tooling for their MDR service was accessed by an authorized party outside of Rapid7. These repositories contained some internal credentials, which have all been rotated, and alert-related data for a subset of their MDR customers.

No other corporate systems or production environments were accessed, according to Rapid7, and no authorized changes to these repositories were made. John Bambenek, Threat Intelligence Advisor at Netenrich, a San Jose, Calif.-based Resolution Intelligence provider, explains, “It appears according to Rapid7’s disclosure that the impact to customers is limited. Every MDR firm has their own custom tooling to help make their teams more effective and efficient. To the extent those tools have customer information, it should be limited, and would like relate to internal network information and applications a customer may have. For any of those customers, make sure they heed the information given to them by Rapid7 and to have increased vigilance around those systems that may have had sensitive information disclosed via this breach.”

Kevin Dunne, President at Pathlock, a Flemington, New Jersey-based provider of unified access orchestration, says, "Rapid7 is the latest company to be severely impacted by security supply chain related attacks. Security vendors are often high value targets, as they have deep, trusted access to networks that can provide an effective trojan horse for bad actors. Though the impact to Rapid7 customers seems minimal at the moment, customers should stay on high alert. Specifically, they will want to make sure they work closely with Rapid7's support and incident response teams to make any necessary updates required to reduce their risk exposure. In the meantime, they should monitor activity on their network, applications, and devices to highlight any suspicious behavior coming from Rapid7's software and mitigate any potential threats."

In the disclosure, Rapid7 says that cybersecurity is a top priority for the company, and "when there is an incident that may pose a risk to our customers, we are transparent about it. We also believe that providing this level of transparency ultimately helps the security community better address potential pending threats and safeguard themselves from future attacks."

Setu Kulkarni, Vice President, Strategy at WhiteHat Security, a San Jose, Calif.-based provider of application security, says, "Rapid7’s commentary on the issue they faced is another wakeup call for the entire industry. And also an example of transparency and accountability on behalf of Rapid7’s team."

Kulkarni adds, "Even though the use of the script was limited to one CI server to test and build some internal tooling in a non-production setup –even that narrow exposure resulted in outside actors accessing Rapid7’s code repos which had credentials and alert-related data for their MDR customers. For those small subset of customers that are affected – they have potentially critical alert-data that is now out there that could accurately point back to vulnerable systems in the customers’ enterprises.

He notes, "Broadly though it does highlight why customer related data should not be stored in code repos and if anything, using dummy anonymized data should be used for testing. The bottom line is that it does not matter if the weakness is in an obscure non-production solitary system meant to perform non-critical backend administrative functions because that system is in turn connected to a critical system somewhere – in this case the code repos with creds and alert-related data.”

KEYWORDS: data breach incident response information security risk management supply chain security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

patient at healthcare reception desk

Almost Half of Healthcare Breaches Involved Microsoft 365

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Colorful wires twisted together

    91% of organizations faced a software supply chain attack last year

    See More
  • Earth with spots lit up from space

    59% of organizations faced a software supply chain attack

    See More
  • cyber security

    98% of organizations have been impacted by a cyber supply chain breach

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing