Unidentified parties improperly accessed a small portion of Rapid7’s source code repositories. The access was limited to a small subset of the company’s internal tooling repositories. The incident occurred in the wake of a software supply chain compromise targeting Codecov earlier this year. Codecov alerted customers that unknown parties had infected its Bash Uploader utility with a backdoor as early as January 31 in order to gain access to authentication tokens for various internal software accounts used by developers. Rapid7 notified a select number of customers who may have been impacted by the breach.
Source: https://thehackernews.com/2021/05/rapid7-source-code-breached-in-codecov.html

