Over 1 Million Downloads: Open Source Toolkit Caught Stealing Cloud Credentials, API Keys

By

BREAKING: element-data Compromised – Credentials Stolen

A popular open source package with over one million monthly downloads was hijacked after attackers exploited a flaw in the developers’ account workflow, gaining access to signing keys and publishing a malicious version that stole sensitive credentials.

“Users who installed version 0.23.3 should assume that all credentials accessible to the environment where it ran may have been exposed,” the developers of element-data warned in an urgent advisory posted Friday.

The malicious release, tagged as 0.23.3, was published to the official Python Package Index (PyPI) and Docker Hub accounts on Friday. It was removed about 12 hours later, on Saturday.

When executed, the compromised version scoured systems for user profiles, warehouse credentials, cloud provider keys, API tokens, and SSH keys, according to the team behind Elementary Cloud.

Background: What Is element-data?

Element-data is a command-line interface (CLI) tool used by machine-learning engineers to monitor performance and detect anomalies in ML systems. It is maintained by Elementary Cloud, a data observability platform.

The package enjoys widespread adoption, with more than one million downloads per month, making it a prime target for supply chain attacks. The attacker exploited a vulnerability in the developers’ account workflow to obtain signing keys and other sensitive information.

The elementary Cloud platform itself, the Elementary dbt package, and all other CLI versions were not affected. The incident is limited to version 0.23.3 of element-data.

What This Means: Immediate Action Required

Any user who installed or ran version 0.23.3 must immediately rotate all credentials that were accessible in the environment. This includes cloud provider keys, database credentials, API tokens, and SSH keys.

“This is a textbook supply chain attack,” said Jane T. Hunt, a cybersecurity analyst at ThreatWatch. “The sheer volume of downloads means the blast radius could be enormous. Organizations need to treat every environment that used this tool as potentially compromised.”

The developers recommend assuming complete exposure. Users should also review any systems that may have executed the malicious Docker container or Python code and monitor for unusual activity.

Key steps for affected users:

• Rotate all credentials (cloud provider keys, API tokens, SSH keys, warehouse credentials).
• Audit recent access logs for unauthorized activity.
• Check for any new or unexpected resources created in cloud accounts.
• Ensure multi-factor authentication is enabled on all sensitive accounts.

For more context on this type of attack, see the Background section above.

This incident underscores the growing risk in open source software dependencies. As attackers increasingly target popular packages, developers must enforce stronger access controls and monitoring for their publishing workflows.

Related Articles

• Microsoft Shatters Record with 167 Flaws in April Patch Tuesday, SharePoint Zero-Day Under Active Attack
• Fortifying Your Enterprise in the Age of AI-Powered Vulnerability Discovery
• Fortifying the npm Supply Chain: New Threats and Practical Defenses
• Critical Remote Code Execution Flaw in xrdp Threatens Remote Desktop Security
• Navigating a Learning Management System Cyberattack: A Preparedness and Response Guide
• The Evolving AI Threat Landscape: How Adversaries Are Using Generative AI for Cyberattacks
• Mozilla's AI Vulnerability Detection: Mythos Finds 271 Firefox Flaws with Minimal False Positives
• Breaking: Kimsuky Hackers Deploy Advanced PebbleDash Malware in Campaigns Targeting South Korea and Beyond