Python Package Index (PyPi) Account Takeover Incident Reported
Administrators of the Python Paket Pypi (Python Package Index) reported about the incident, wherein the attacker was able to take control of the projects
arrapi, tmdbapis, nagerapi, and PMMUTILS,
which have an estimated 4.5 thousand downloads per month. All projects were under the authorship of meisnate12 (Nathan Taggart) and were compromised due to unauthorized access to his account. The attacker
was promptly blocked, preventing any changes or modified releases.
The takeover was facilitated by replacing the owners of the projects. The attacker created the account “DVOLK” and, using
the accompanying account “Meisnate12”, sent an invitation to join the projects under the “DVOLK” account. Once accepted,
the attacker removed the original author from the projects, leaving only their own presence. Subsequently, the process
of deleting the “Meisnate12” account was initiated.
Five hours after the projects’ takeover, PyPi administrators received a report from the original author, who informed them
about the incident. The attacker’s account was immediately