May 19, 2021

Online workflow management platform, Monday.com said it found that unauthorized actors had gained access to a read-only copy of their source code after investigating the Codecov breach and its impact on the organization.

In the F-1 form filed this week with the U.S. Securities and Exchange Commission, the company also stated that there was no evidence that the source code was tampered with by the attackers or that any of the company’s products were affected by the breach.

The company added: “The attacker did access a file containing a list of certain URLs pointing to publicly broadcasted customer forms and views hosted on our platform and we have contacted the relevant customers to inform them how to regenerate these URLs.”

Prior to this week’s release, the company, which is also a Codecov customer, said it had to remove Codecov’s access to its environment and stop using the service completely after the Codecov supply chain attack was discovered.

The company’s security team said: “Upon learning of this issue, we took immediate mitigation steps, including revoking Codecov access, discontinuing our use of Codecov’s service, rotating keys for all of monday.com’s production and development environments, and retaining leading cybersecurity forensic experts to assist with our investigation.”

For more information, read the original story in Bleeping Computer.