Open source package with 1 million monthly downloads stole user credentials
Ars Technica

The developers are urging all developers who installed version 0.23.3 to take the following steps immediately:

1. Check your installed version:
   pip show elementary-data | grep Version
2. If the version is 0.23.3, uninstall it and replace it with the safe version:
   pip uninstall elementary-data
   pip install elementary-data==0.23.4
   In your requirements and lockfiles, pin explicitly to elementary-data==0.23.4.
3. Delete your cache files to avoid any artifacts.
4. …
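An added example, not from the article or the elementary-data project: the pinning check from step 2, automated across a repository's requirements files. The `requirements*.txt` file pattern, the helper names and the sample file contents are assumptions; only the package name and the two version numbers come from the text above.

```python
import re
import tempfile
from pathlib import Path

PACKAGE = "elementary-data"
BAD_VERSION = "0.23.3"   # version named in the advisory text above
SAFE_VERSION = "0.23.4"  # version the text says to pin to

# name, optional [extras], optional "==version"
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?:==\s*([^\s;#\\]+))?")

def normalize(name):
    """PEP 503 normalization, so elementary_data matches elementary-data."""
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(line):
    """Return 'compromised', 'safe', 'review' or None for one requirements line."""
    m = REQ_LINE.match(line)
    if not m or normalize(m.group(1)) != PACKAGE:
        return None
    version = m.group(2)
    if version == BAD_VERSION:
        return "compromised"
    if version == SAFE_VERSION:
        return "safe"
    return "review"  # unpinned, ranged or another version: pin explicitly

def scan(root):
    """Scan requirements*.txt files under root; return (file, line_no, status)."""
    findings = []
    for path in sorted(Path(root).rglob("requirements*.txt")):
        for no, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            status = classify(line)
            if status:
                findings.append((path.name, no, status))
    return findings

def demo():
    # Constructed sample files, not taken from any real project.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "requirements.txt").write_text(
            "dbt-core==1.7.0\nelementary_data[snowflake]==0.23.3\n")
        Path(tmp, "requirements-dev.txt").write_text(
            "# tools\nelementary-data>=0.20\nelementary-data==0.23.4\n")
        return scan(tmp)

if __name__ == "__main__":
    for name, no, status in demo():
        print(f"{name}:{no}: {status}")
```

A "review" result marks a line that is unpinned or ranged, which could still have resolved to 0.23.3 at install time, so the installed version should be checked as in step 1.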
Original source: Ars Technica