PyPI Package elementary-data Compromised to Steal Developer Data

A malicious release of the popular elementary-data package on PyPI, which has over 1.1 million monthly downloads, allowed an attacker to steal developer data through a sneaky backdoor. This widely used open-source tool for data observability in dbt pipelines became a prime target for the secrets-stealing campaign.

https://osintsights.com/pypi-package-elementary-data-compromised-to-steal-developer-data?utm_source=mastodon&utm_medium=social

#OpensourceCompromise #SupplyChain #PackageManager #Pypi #DataObservability

OSINTSights