
Element-Data Package Compromised: 1 Million Users at Risk

Manaal Khan, 28 April 2026 at 4:48 am, 4 min read

Key Takeaways

Source: Ars Technica
  • Version 0.23.3 of element-data contained malware that stole credentials, API tokens, and SSH keys
  • Attackers exploited a GitHub Actions vulnerability to gain access to package signing keys
  • Anyone who installed version 0.23.3 should rotate all credentials immediately

What Happened

Element-data, a command-line tool for monitoring performance and anomalies in machine-learning systems, was hijacked on Friday. Unknown attackers pushed version 0.23.3 to both the Python Package Index (PyPI) and Docker Hub. The malicious code ran quietly, scouring infected systems for sensitive data.

The malware targeted user profiles, warehouse credentials, cloud provider keys, API tokens, SSH keys, and the contents of .env files. It ran for about 12 hours before the developers removed it on Saturday.

1 million+ monthly downloads of element-data before the compromise

Elementary Cloud, the Elementary dbt package, and all other CLI versions were not affected. Only version 0.23.3 contained the malicious code.

How the Attack Worked

The attackers found a vulnerability in a GitHub Action the developers created. By posting malicious code to a pull request, they triggered a bash script that ran inside the developer's account. This script retrieved signing keys and account tokens.

With those credentials in hand, the attackers published a malicious package that looked nearly identical to a legitimate release. This is a classic supply chain attack. The package appeared authentic, came from the official accounts, and bore valid signatures.

A third-party issue report alerted the developers. Within three hours of learning about the compromise, they removed the package, rotated all exposed credentials, fixed the vulnerability, and audited all their other GitHub Actions.

Check If You're Affected

The developers are urging anyone who installed version 0.23.3 to act immediately. Here's how to check your installed version:

```bash
pip show elementary-data | grep Version
```

If you see version 0.23.3, uninstall it and install the safe version:

```bash
pip uninstall elementary-data
pip install elementary-data==0.23.4
```

Pin your requirements and lockfiles explicitly to version 0.23.4 to prevent accidental reinstallation.

Check for Malware Execution

The malware left a marker file on systems where it ran. Check for this file to confirm whether the payload executed:

  • macOS / Linux: /tmp/.trinny-security-update
  • Windows: %TEMP%\.trinny-security-update

If the file exists, the malware ran on that machine. Treat all credentials accessible from that environment as compromised.
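The checks above, gathered into one script, as an added example that is not from the advisory or the project: it reads the installed version, looks for the marker file at the paths listed, and flags requirements lines that pin 0.23.3 or leave the package unpinned. The classification labels and function names are my own; call `triage(installed_version(), os.path.exists(marker_path()))` on each host.

```python
"""Triage helper for the elementary-data 0.23.3 compromise (added example, not the project's code)."""
import os
import platform
import re
import tempfile
from importlib.metadata import PackageNotFoundError, version

COMPROMISED_VERSION = "0.23.3"
MARKER_NAME = ".trinny-security-update"  # marker file named in the advisory
# Matches a requirements line for the package, e.g. "elementary-data==0.23.3" or "elementary-data>=0.23".
REQ_RE = re.compile(r"^\s*elementary[-_]data(?![\w-])\s*(?P<op>==|>=|~=|<=|!=|>|<)?\s*(?P<ver>[\w.*]+)?", re.I)


def installed_version(dist="elementary-data"):
    """Return the installed version string, or None if the package is not installed."""
    try:
        return version(dist)
    except PackageNotFoundError:
        return None


def marker_path():
    """Marker location from the advisory: /tmp on macOS/Linux, %TEMP% on Windows."""
    if platform.system() == "Windows":
        return os.path.join(os.environ.get("TEMP", tempfile.gettempdir()), MARKER_NAME)
    return os.path.join("/tmp", MARKER_NAME)


def triage(ver, marker_exists):
    """Classify a host. The marker outranks the version: the package may already have been removed."""
    if marker_exists:
        return "payload-executed"
    if ver == COMPROMISED_VERSION:
        return "compromised-version-installed"
    return "not-affected"


def audit_requirements(text):
    """Flag lines that pin 0.23.3 or leave the package floating (any operator other than ==)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQ_RE.match(line)
        if not m:
            continue
        if m.group("op") == "==" and m.group("ver") == COMPROMISED_VERSION:
            findings.append((lineno, "pins compromised version 0.23.3"))
        elif m.group("op") != "==":
            findings.append((lineno, "not pinned to an exact version"))
    return findings
```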

What to Rotate

Anyone who installed the compromised version should rotate these credentials immediately:

  • dbt profiles
  • Warehouse credentials
  • Cloud provider keys (AWS, GCP, Azure)
  • API tokens
  • SSH keys
  • Contents of any .env files

CI/CD runners are especially exposed. These systems often have broad access to production credentials and run automated processes without human oversight. If your CI/CD pipeline installed version 0.23.3, assume your deployment secrets were exposed.

Supply chain attacks exploit trusted software distribution channels to steal credentials

The Bigger Picture

This attack follows a familiar pattern. Attackers target developer infrastructure because it's often the weakest link in the supply chain. A single compromised GitHub Action can grant access to signing keys, which then unlock the ability to publish malicious packages that millions of users will trust.

The element-data team responded quickly. Three hours from discovery to removal is solid incident response. But 12 hours of exposure is still enough time for the malware to spread widely in automated CI/CD pipelines that pull packages without human review.

Logicity's Take

Protecting Your Organization

Supply chain attacks are not going away. Here are practical steps to reduce your exposure:

  1. Pin dependencies to specific versions. Never use floating version specifiers in production.
  2. Use a private package mirror or proxy that caches packages before they reach your CI/CD systems.
  3. Audit your GitHub Actions for secrets exposure. Check what data they can access and who can trigger them.
  4. Enable two-factor authentication on all package registry accounts.
  5. Monitor for unexpected package updates. A new minor version appearing without a changelog warrants investigation.
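For the audit step above, an added example (not the project's own code) that scans GitHub Actions workflow text for the pattern the article describes: a job triggered by a pull request that runs code from that pull request while repository secrets are in scope. The article does not say which trigger or workflow was involved; the scan assumes the pull_request_target trigger, and both workflows below are constructed for illustration.

```python
"""Heuristic scan of GitHub Actions workflow text for PR-controlled code running with secrets (added example)."""
import re

# Constructed sample: runs on pull_request_target (base-repo secrets available), checks out the
# PR's own commit, then runs a script from that checkout with a publishing token in its environment.
RISKY_WORKFLOW = """\
name: ci
on: [pull_request_target]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: bash ./scripts/release.sh
        env:
          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
"""

# Constructed sample of the safer shape: plain pull_request trigger, no secrets referenced.
SAFE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pytest
"""


def scan_workflow(text):
    """Return a list of findings; an empty list means none of the heuristics fired."""
    findings = []
    # pull_request_target runs in the base repository's context, so its secrets are reachable.
    privileged = re.search(r"\bpull_request_target\b", text) is not None
    # Checking out the PR head means the job executes whatever the PR author committed.
    checks_out_pr = re.search(r"github\.event\.pull_request\.head\.(sha|ref)", text) is not None
    secret_names = sorted(set(re.findall(r"secrets\.(\w+)", text)))
    if privileged and checks_out_pr:
        findings.append("pull_request_target job checks out the PR's own commit")
        if secret_names:
            findings.append("secrets reachable by PR-controlled code: " + ", ".join(secret_names))
    return findings
```

Point `scan_workflow` at each file under `.github/workflows/` and review every hit by hand; the regexes are a triage aid, not a parser.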

Frequently Asked Questions

How do I know if I installed element-data version 0.23.3?

Run 'pip show elementary-data | grep Version' in your terminal. If it shows 0.23.3, you're affected.

What data did the malware steal?

The malware harvested user profiles, warehouse credentials, cloud provider keys, API tokens, SSH keys, and .env file contents.

Is the element-data package safe to use now?

Yes. Version 0.23.4 is clean, and the developers have fixed the vulnerability and rotated their credentials.

How long was the malicious version available?

About 12 hours, from Friday when it was published until Saturday when it was removed.

Should I rotate credentials even if I'm not sure I'm affected?

If there's any chance your systems pulled version 0.23.3, yes. Rotating credentials is faster than investigating a breach.

Manaal Khan

Tech & Innovation Writer
