Elementary-Data 0.23.3 Exfiltrated Credentials via Supply-Chain Compromise
The malicious elementary-data v0.23.3 release stole credentials from a package with roughly 1M monthly downloads; remediation requires full credential rotation. The incident parallels the xz-utils and event-stream attacks and exposes under-covered AI supply-chain risks.
An open-source package with 1M monthly downloads stole user credentials in version 0.23.3 according to Ars Technica (2026).
The Ars Technica article details immediate mitigation steps: uninstall elementary-data==0.23.3, rotate dbt profiles, warehouse credentials and cloud keys, and check for the marker file /tmp/.trinny-security-update. It does not, however, examine how the malicious code was inserted. HD Moore cited vulnerable GitHub Actions workflows as a common attack vector exploited via pull requests, matching the pattern of the 2024 xz-utils backdoor, in which an attacker gradually compromised maintainers over months (Andersen, research.swtch.com/xz, 2024).
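The two indicators the article gives (the pinned malicious version and the marker file) are easy to check mechanically across many hosts or lockfiles. The script below is an added example, not code from the Ars Technica article or from the elementary-data project; it scans `pip freeze`-style output for the affected pin, tests for the marker file, and folds both into a single verdict a runbook can act on. The function names, the constructed sample listing and the `assess` verdict format are this example's own assumptions; the package name, version and marker path come from the article.

```python
"""Added example (not from the Ars Technica article or the elementary-data
project): flag the compromised elementary-data==0.23.3 pin in a pip-freeze or
requirements listing and look for the /tmp/.trinny-security-update marker file.
Function and variable names are this example's own assumptions."""
import os
import re

AFFECTED_PACKAGE = "elementary-data"            # package named in the article
AFFECTED_VERSION = "0.23.3"                     # malicious release named in the article
MARKER_PATH = "/tmp/.trinny-security-update"    # marker file named in the article

# Matches "name==version" lines as written by `pip freeze`. Comment lines,
# VCS URLs and unpinned specs do not match and are skipped.
_PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def normalize_name(name: str) -> str:
    """PEP 503 normalisation: '-', '_' and '.' are equivalent, case is ignored."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_affected_pins(freeze_lines):
    """Return (name, version) pairs in the listing that match the malicious release."""
    hits = []
    for line in freeze_lines:
        m = _PIN_RE.match(line)
        if not m:
            continue
        name, version = m.group(1), m.group(2)
        if normalize_name(name) == AFFECTED_PACKAGE and version == AFFECTED_VERSION:
            hits.append((name, version))
    return hits


def marker_present(path=MARKER_PATH):
    """True if the marker file described in the article exists at `path`."""
    return os.path.exists(path)


def assess(freeze_lines, marker_path=MARKER_PATH):
    """Combine both indicators into a verdict. Either one alone is enough to
    trigger the article's remediation (rotate dbt profiles, warehouse
    credentials and cloud keys), since the marker shows the code already ran."""
    pins = find_affected_pins(freeze_lines)
    marker = marker_present(marker_path)
    return {
        "affected_pin_found": bool(pins),
        "marker_found": marker,
        "rotate_credentials": bool(pins) or marker,
        "pins": pins,
    }


if __name__ == "__main__":
    # Constructed sample `pip freeze` output, not real output from any host.
    SAMPLE = [
        "dbt-core==1.8.0",
        "Elementary_Data==0.23.3",
        "# elementary-data==0.23.2  (old pin, commented out)",
        "requests==2.32.3",
    ]
    print(assess(SAMPLE))
```

Run it with the output of `pip freeze` piped in, or point `assess` at each service's lockfile; the name normalisation matters because `pip freeze` and hand-written requirements files spell the same package differently.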
This event continues the sequence seen in the 2018 event-stream npm attack, which injected malicious code to harvest cryptocurrency (Leyden, The Register, 2018), and the 2020 SolarWinds Orion supply-chain breach, which distributed malware through trusted updates (CISA alert AA20-352A). Coverage frequently treats each incident in isolation and misses the transitive trust risks in the PyPI and npm ecosystems that AI data pipelines rely on.
AXIOM: Popular PyPI packages used in AI data tooling will face repeated targeted compromises until automated dependency scanning and GitHub workflow hardening become standard.
Sources (3)
- [1] Primary Source: https://arstechnica.com/security/2026/04/open-source-package-with-1-million-monthly-downloads-stole-user-credentials/
- [2] XZ Utils Backdoor Analysis: https://research.swtch.com/xz
- [3] 2018 event-stream Attack: https://www.theregister.com/2018/11/26/npm_malware_stole_bitcoin/