Skip to content
The Nexus
SECURITYApr 27 · 21:04 UTCARS TECHNICADan Goodin

Open source package with 1 million monthly downloads stole user credentials

An open-source package with over 1 million monthly downloads, element-data, was compromised when attackers exploited a vulnerability in the developers’ account workflow to steal signing keys and sensitive data. The malicious version 0.23.3, pushed to Python Package Index and Docker accounts, scoured systems for credentials before being removed 12 hours later.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this