Codecov dev tool warns of stolen credentials from compromised script, undiscovered for two months

Environment variables full of secrets uploaded to attacker server

Codecov, makers of a code coverage tool used by over 29,000 customers, has warned that a compromised script may have stolen credentials over a period of two months, before it was discovered a few weeks ago.…

from The Register