"On Thursday, April 1, 2021, we learned that someone had gained unauthorized access to our
Bash Uploader script and modified it without our permission. The actor gained access because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script."