Massive Open Source Supply Chain Attack Steals Credentials from 1 Million Monthly Users
Critical Credential Theft Hits Popular ML Monitoring Tool
A widely used open source package, element-data, with over 1 million monthly downloads, has been compromised in a targeted supply chain attack. The malicious version, tagged 0.23.3, silently harvested sensitive credentials including cloud provider keys, API tokens, SSH keys, and warehouse credentials from infected systems.

Attackers exploited a vulnerability in the developers' account workflow to gain access to signing keys, allowing them to push the rogue update to both the Python Package Index (PyPI) and Docker Hub. The malicious release was live for approximately 12 hours before being discovered and removed on Saturday.
Immediate Impact and Developer Warning
"Users who installed 0.23.3, or who pulled and ran the affected Docker image, should assume that any credentials accessible to the environment where it ran may have been exposed," the elementary-data development team stated. They urged all affected users to rotate credentials immediately and audit their systems for unauthorized access.
Elementary Cloud, the Elementary dbt package, and all other CLI versions remained unaffected. The attack did not target any other components of the Elementary ecosystem.
Background: What Is element-data?
element-data is a command-line interface designed for monitoring performance and anomalies in machine-learning systems. It helps data engineers and ML practitioners detect issues in their pipelines. The package's high download count made it an attractive target for supply chain compromise.

The compromised version, 0.23.3, was published using stolen signing keys obtained through a vulnerability in the developers' account workflow. The exact nature of that vulnerability has not been disclosed, but it highlights ongoing risks in open source package distribution.
What This Means for Organizations
Organizations that rely on element-data must treat this as a full credential exposure incident. Any environment where version 0.23.3 was executed should be considered compromised. Security teams should rotate all API tokens, SSH keys, cloud provider credentials, and warehouse access keys immediately.
Beyond credential rotation, organizations should conduct a thorough investigation for signs of lateral movement or data exfiltration. This incident underscores the critical need for software supply chain security measures, including verifying package integrity and monitoring for unexpected updates.
As open source ecosystems grow, so does the attack surface. Users are advised to implement strict access controls, verify package signatures, and maintain offline backups of credentials.
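To triage which projects could have pulled the compromised release, the following added example (not code from the article or from the Elementary project) scans requirements-style text and marks exact pins to 0.23.3 as affected and ranges or unpinned entries that admit 0.23.3 as needing review. The package name and version are taken from the article as written; the function names and the sample file are constructed for illustration.

```python
import re

# Name/version as written in the article; SAMPLE is a constructed file.
PACKAGE, BAD_VERSION = "element-data", "0.23.3"
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?([^;#]*)")
_SPEC = re.compile(r"(===|==|~=|!=|>=|<=|>|<)\s*([0-9][0-9A-Za-z.*+!-]*)")
SAMPLE = """\
requests==2.31.0
element-data==0.23.3
Element_Data>=0.20,<1
element-data~=0.22.0
element-data==0.23.2
"""

def _norm(name):  # PEP 503: runs of '-', '_' and '.' compare equal
    return re.sub(r"[-_.]+", "-", name).lower()

def _rel(version):  # numeric release segment; pre/post suffixes are ignored
    return [int(p) for p in re.match(r"\d+(?:\.\d+)*", version).group().split(".")]

def _allows(op, spec):
    """True if the clause `op spec` admits BAD_VERSION."""
    wild = spec.endswith(".*")
    bad, s = _rel(BAD_VERSION), _rel(spec[:-2] if wild else spec)
    if wild:  # prefix match, e.g. ==0.23.* or !=0.23.*
        return (bad[:len(s)] == s) == (op == "==")
    a, b = bad + [0] * len(s), s + [0] * len(bad)  # zero-pad to equal length
    c = (a > b) - (a < b)
    if op == "~=":  # compatible release: >= spec, same leading segments
        return c >= 0 and bad[:len(s) - 1] == s[:-1]
    return {"==": c == 0, "===": c == 0, "!=": c != 0, ">=": c >= 0,
            "<=": c <= 0, ">": c > 0, "<": c < 0}[op]

def classify(line):
    """'affected' (exact pin), 'review' (range admits it), 'clear', or None."""
    m = _REQ.match(line)
    if not m or _norm(m.group(1)) != _norm(PACKAGE):
        return None
    specs = _SPEC.findall(m.group(2))
    if not all(_allows(op, v) for op, v in specs):
        return "clear"
    exact = any(op in ("==", "===") and not v.endswith(".*") for op, v in specs)
    return "affected" if exact else "review"

def scan(text):  # map each requirement line naming PACKAGE to its verdict
    return {ln.strip(): v for ln in text.splitlines() if (v := classify(ln))}

if __name__ == "__main__":
    print(*(f"{v:8} {ln}" for ln, v in scan(SAMPLE).items()), sep="\n")
```

A "review" verdict means the resolver could have selected 0.23.3 while it was live, so confirm the installed version from a lock file or `pip freeze` output captured in that environment.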