Incident Report: Malicious takeover of ctx project on PyPI
24 May 2022 24 May '22
Takeover of the ctx project was reported on multiple channels overnight and was mitigated as of 6:07 AM Eastern.
We confirmed via investigation that this compromise was of a single user account due to re-registration over an expired domain. The domain that hosted the users email address was re-registered 2022-05-14T18:40:05Z and a password reset completed successfully for the user at 2022-05-14T18:52:40Z. Original releases were then deleted and malicious copies uploaded.
PyPI itself was not directly compromised.
Read the full incident report at https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain...
-Ee Durbin Director of Infrastructure Python Software Foundation
Age (days ago)
Last active (days ago)