Mohammed Aldoub م.محمد الدوب

@Voulnet

5 Tweets 1 reads Feb 02, 2023
AWS, Google, Azure, Apache, Alibaba, Atlassian, Mozilla and many more are ALL victims of the Codecov attack, referenced here:
Which means their CI/CD and build processes have been compromised by the attackers.
These companies failed more than Codecov:
Their failure is in doing the extremely insecure action of blindly downloading and executing a remote shell script without so much as a hash verification! So, they deserved that outcome due to gross negligence. They are at more fault than Codecov, who failed the entire industry.
It is absolutely inexcusable that such an obviously insecure execution method was used by such big orgs and in critical processes in the software supply chain. Codecov's failure to detect the change of the script is another level of gross negligence. That script was critical.
A good lesson in here for all of us:
Do not copy what the big orgs are doing: they don't know what they're doing. You're by yourself; only you can help your organization be safe by actually doing what's verified to be safe, not just blindly copying what everyone else is doing.
This Codecov compromise has the potential to be many times worse than the SolarWinds compromise. Don't believe me? Search GitHub for the URL of the hacked bash script by Codecov, and see who else is blindly executing it in their build process. Hint: everyone.
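The hash verification the thread says was missing, as an added example that is not code from the thread or from Codecov: the script is downloaded to a file, its SHA-256 is compared with a value pinned out-of-band, and only then is it executed. The URL, the demo script and the hashes are constructed placeholders; the offline demo at the end runs without network access.

```shell
#!/bin/sh
# Added example, not code from the thread or from Codecov: replace the
# "curl URL | bash" pattern with download, SHA-256 check against a value
# pinned out-of-band, then execute. The URL and hashes below are placeholders.
set -eu

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_script FILE EXPECTED_SHA256: succeed only if the hash matches.
verify_script() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# run_verified URL EXPECTED_SHA256: fetch to a temp file, verify, then run.
# The download is never piped into a shell, so a changed script fails closed.
run_verified() {
    url=$1; expected=$2
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    curl -fsSL --proto '=https' --tlsv1.2 "$url" -o "$tmp"
    if ! verify_script "$tmp" "$expected"; then
        echo "SHA-256 mismatch for $url; refusing to execute" >&2
        return 1
    fi
    sh "$tmp"
}

# Offline demonstration with a constructed local script (no network needed).
demo=$(mktemp)
printf '#!/bin/sh\necho "uploading coverage report"\n' > "$demo"
pinned=$(sha256_of "$demo")   # in real use, the hash you recorded in advance
verify_script "$demo" "$pinned" && echo "hash matches: safe to execute"
printf 'echo "extra line added upstream"\n' >> "$demo"   # simulate a changed script
verify_script "$demo" "$pinned" || echo "hash mismatch: refusing to execute"
rm -f "$demo"
# Real use: run_verified https://example.invalid/uploader.sh "$PINNED_SHA256"
```

The pinned hash must come from somewhere other than the server you download from (release notes, a signed checksum file you already validated, or your own record from the last review), otherwise an attacker who changes the script can change the published hash with it.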
