Twilio discloses impact from Codecov supply-chain attack (May 2021)

Cloud communications and VoIP platform Twilio has disclosed that it was impacted, in a small capacity, by the recent Codecov supply-chain attack.
Shortly after Codecov disclosed the security incident concerning its Bash Uploader last month, Twilio was notified that it was impacted too.
On April 22nd, GitHub also notified Twilio that it had detected suspicious activity related to the Codecov exposure and that, specifically, a Twilio user token had been exposed.
Further, the company has rotated all secrets in the repositories that could possibly have been exposed as a result of the Codecov supply-chain attack.
Twilio is not the first or the only company to be impacted by the Codecov supply-chain attack.