Massive Open-Source Package Element-Data Hijacked: Credential Theft Hits 1 Million Monthly Users

By

In a critical supply chain incident, the widely used open-source tool element-data—with over 1 million monthly downloads—was compromised on Friday after attackers exploited a flaw in the developer's account workflow. The breach allowed the threat actor to obtain signing keys and push a malicious update that silently harvested credentials from users' systems.

The malicious version, tagged 0.23.3, was published to both the Python Package Index (PyPI) and Docker Hub. It remained available for roughly 12 hours before being removed on Saturday. According to the developers, the rogue package scanned environments for sensitive data including user profiles, warehouse credentials, cloud provider keys, API tokens, and SSH keys.

“Users who installed 0.23.3, or who pulled and ran the affected Docker image, should assume that any credentials accessible to the environment where it ran may have been exposed,” the developers warned in an official advisory.

The exploit targets a vulnerability in the developers’ account workflow that gave attackers access to signing keys and other sensitive credentials. The Elementary Cloud platform, the Elementary dbt package, and all other CLI versions remain unaffected.

Background

Element-data is a command-line interface designed to monitor performance and detect anomalies in machine-learning systems. It is maintained by Elementary, a data observability company. Its 1 million monthly downloads make it a critical component in many data-pipeline environments.

This is not the first such incident in the open-source ecosystem. Similar supply chain attacks have targeted PyPI packages like ctx, phpass, and colors, exploiting weak account security to distribute malicious code.

What This Means

Organizations that rely on element-data must treat this as a full credential compromise. Every API token, SSH key, cloud provider credential, and warehouse password used in environments where the malicious code ran should be rotated immediately. Security teams should audit logs for unusual access patterns and review system integrity.

The incident underscores a growing threat: open-source packages with large user bases are prime targets for supply chain attacks. Developers and maintainers must adopt multi-factor authentication, secret scanning, and immutable CI/CD workflows to protect signing keys and repository access. For users, it reinforces the need to verify package authenticity before every update.

• key:affected — All systems running element-data v0.23.3 or the corresponding Docker image.
• key:action — Rotate all credentials immediately; assume breach.
• key:prevention — Enable strong MFA, monitor package signatures, and use software bill of materials (SBOM).

Internal Links

• Jump to Background
• Jump to What This Means

Related Articles

• Copy Fail: The Critical Linux Privilege Escalation Threat You Need to Understand
• Mastering Couch Computing: A Complete Guide to Framework’s Wireless TouchPad Keyboard
• How to Leverage AI for Zero-Day Discovery: Lessons from Firefox's 271 Vulnerability Hunt
• Securing Your Python Pipeline: A Guide to Defending Against Supply Chain Attacks Like the PyTorch Lightning Incident
• Source Code Breach Response: A Step-by-Step Guide (Using the Trellix Incident as a Case Study)
• Massive iOS Exploit Kit 'Coruna' Spotted in Wild: Google Reveals 23 Flaws Used in Targeted Attacks
• Inside the CPU-Z Watering Hole Attack: AI-Powered EDR Stops Supply Chain Compromise
• CISA Warns of Active Exploitation of 'Copy Fail' Linux Flaw Leading to Full System Compromise