Monday.com says its source code was hit in recent cyberattack
Monday.com said it is still investigating the scope of the breach
Online collaboration tool Monday.com has acknowledged that cybercriminals accessed a read-only copy of its source code.
Monday.com is a project management platform that counts the likes of Uber, BBC Studios, Adobe, Universal, Hulu, L’Oreal, Coca-Cola, and Unilever as customers.
The platform is one of a growing list of targets that has fallen prey to a supply-chain attack on software auditing company Codecov last month.
Unauthorized users modified Codecov’s bash uploader script and used it for several months to siphon off credentials of its customers, one of them being Monday.com.
“While we have seen evidence that our source code was accessed due to the Codecov vulnerability, to date, we have found no evidence of any unauthorized modifications to our source code, or any impact on our products,” wrote Monday.com in a blog post last week, outlining their response to the Codecov incident.
The company was forced to reveal the news in documents filed with the U.S. Securities and Exchange Commission (SEC) as it prepares a stock exchange listing in the country.
Supply chain victims
Monday.com is just one in the string of Codecov customers that have been compromised by the Codecov attackers in typical supply-chain attack fashion.
Last month, an anonymous investigator from the FBI’s San Francisco office told Reuters that the Codecov attackers put extra effort into breaking into the software auditing company, which has thousands of customers, in order to infiltrate other “makers of software development programs” as well as companies that themselves provide many customers with technology services.
In addition to Monday.com, reports suggest that cybersecurity firm Rapid7, software developers HashiCorp, cloud communications platform Twilio, cloud services provider Confluent, and insurance company Coalition have all been affected by the Codecov breach in some way.
Via BleepingComputer
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.