:

POPULAR OPEN SOURCE PACKAGE COMPROMISED, STEALING CREDENTIALS

DEV DESK2 MIN READ
MON, APR 27, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Element-data, an open source package downloaded 1 million times monthly, was found stealing user credentials. Users of the library should immediately check for signs of compromise.

Security researchers discovered that element-data, a widely-used open source package, contained malicious code designed to harvest user credentials. The package, which maintains approximately 1 million monthly downloads, had been compromised without the knowledge of its users or maintainers. ■ The Breach The malicious code embedded in element-data was designed to exfiltrate sensitive user authentication data. The exact scope of affected versions and the duration of the compromise remain under investigation. ■ What You Should Do Users of element-data should take immediate action: - Audit your systems: Check for unauthorized access or activity on accounts that may have used this package - Rotate credentials: Change passwords and regenerate API keys for any services accessed by applications using element-data - Update immediately: Remove the compromised package and update to a patched version when available - Review logs: Examine application logs for suspicious activity dating back to when the package was first installed ■ Impact The large download volume means the potential impact is significant. Any application or service that incorporated element-data could have been affected. Organizations using this package in production environments face particular risk. ■ Next Steps Maintainers have been notified and are working to remediate the issue. Additional details about the compromise timeline and affected versions are expected as the investigation progresses. Users should monitor official package repositories and security advisories for updates. This incident underscores the risks inherent in open source software supply chains, where popular packages can reach millions of users before security issues are detected.

■ SOURCES

Ars Technica

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Fraudsters are creating convincing counterfeit news articles impersonating major publishers like the Guardian to direct social media users to bogus investment sites. The fake stories feature fabricated celebrity endorsements and financial narratives designed to establish credibility.

JUST NOWIndustry Desk

A security analysis reveals xAI's Grok Build command-line tool transmits complete source code and project files to xAI's servers. The discovery raises data privacy questions for developers using the tool.

6H AGOAI Desk

A Cambridge study reveals that terrorist organizations including Boko Haram and ISIS are using ChatGPT, Claude, and Gemini to plan attacks and develop weapons. Safety filters designed to prevent such misuse have repeatedly failed.

17H AGOAI Desk

The Australian Cyber Security Centre has issued an alert about coordinated exploitation of vulnerable content management systems and plugins worldwide. The campaign targets organizations using outdated or unpatched CMS software.

19H AGOAI Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.