The systems of freebie open-source code scanning tool Coverity Scan were hacked and abused to run a cryptocurrency mining operation, its operator has confirmed.
Synopsys, the firm behind Coverity Scan, said its corporate systems were not affected by the previously unexplained incident, which resulted in the suspension of the service for around four weeks until last Friday.
In a breach notice this weekend, Synopsys said:
As you may be aware, there recently was an interruption in the availability of the Coverity Scan service. In February 2018, we discovered that servers used for the Coverity Scan service were accessed by an unauthorized third party. The access appears to have started earlier in the month. We suspect that the access was to utilize our computing power for cryptocurrency mining. We have not found evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed. We retained a well-known computer forensics company to assist us in our investigation.
We have closed the method of access, and the Coverity Scan service is again available as a free service to the open source community. The Coverity Scan service data is backed up frequently, and Coverity Scan service data will be restored. We regret any inconvenience caused by the downtime of the Coverity Scan service.
Registered users have been asked to reset their passwords to access the service again.
Jim Ivers, vice president of marketing at Synopsys' Software Integrity Group, told El Reg the firm had called in computer forensics experts.
"The service was down for about four weeks. We took the service down immediately upon discovering the unauthorized access. We engaged a leading computer forensics company to independently assist in the investigation, and kept the service down until we completed the investigation. The investigation reported no evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed.
"We have addressed the source of the unauthorized access and took the down time to perform maintenance on the servers that drive the service. The service was restored Friday, March 16. The only interruption to the users was the unavailability of the service and that registered users had to reset their passwords on their first entry to the service once it was restored."
Ivers reiterated that Synopsys' corporate systems were not affected so its corporate data and intellectual property were never at risk.
"The servers used by Coverity Scan were not connected to any other Synopsys computer networks. The servers were purely for external access to the Coverity Scan service. No other Synopsys systems were affected by this event," he added. ®