Python Package Index incident

Malicious takeover of ctx project on PyPI.


Python Package Index experienced a notice incident on May 24, 2022, lasting —. The incident has been resolved; the full update timeline is below.

Started
May 24, 2022, 05:32 PM UTC
Resolved
May 24, 2022, 10:00 AM UTC
Duration
Detected by Pingoru
May 24, 2022, 05:32 PM UTC

Update timeline

  1. resolved May 24, 2022, 05:32 PM UTC

    This incident has been resolved.

  2. postmortem May 24, 2022, 05:33 PM UTC

    Takeover of the ctx project was reported on multiple channels overnight and was mitigated as of 6:07 AM Eastern. We confirmed via investigation that this compromise was of a single user account due to re-registration over an expired domain. The domain that hosted the user's email address was re-registered 2022-05-14T18:40:05Z and a password reset completed successfully for the user at 2022-05-14T18:52:40Z. Original releases were then deleted and malicious copies uploaded. PyPI itself was not directly compromised. Read the full incident report at [https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html](https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html).
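The postmortem above describes the attack pattern: a maintainer's email domain lapses, someone re-registers it, and minutes later a password reset succeeds. The detection below is an added example, not code from PyPI or from the incident report. It correlates account password-reset events with the domain's most recent registration date (as a registry's RDAP "registration" event would report it) and flags resets that happen shortly after a re-registration, or whose email domain is not registered at all. The domain names, the registration dates and the event log are constructed for illustration; only the timestamps for the flagged case mirror the ones quoted in the postmortem.

```python
from datetime import datetime, timedelta, timezone

# Constructed registration records, keyed by domain. In practice these come from
# an RDAP lookup (the "registration" event of the domain object); the values here
# are assumptions for the example, not data about any real domain.
DOMAIN_REGISTRATION = {
    "maintainer-old.test": datetime(2022, 5, 14, 18, 40, 5, tzinfo=timezone.utc),
    "stable-org.test": datetime(2015, 3, 1, 0, 0, 0, tzinfo=timezone.utc),
    # "lapsed-corp.test" is deliberately absent: unregistered, hence registrable.
}

# Constructed account event log (assumed shape; any audit log with user, email,
# event type and an ISO-8601 UTC timestamp works).
ACCOUNT_EVENTS = [
    {"user": "alice", "email": "alice@maintainer-old.test",
     "event": "password_reset", "ts": "2022-05-14T18:52:40Z"},
    {"user": "bob", "email": "bob@stable-org.test",
     "event": "password_reset", "ts": "2022-05-14T19:10:00Z"},
    {"user": "carol", "email": "carol@lapsed-corp.test",
     "event": "login", "ts": "2022-05-14T19:30:00Z"},
    {"user": "carol", "email": "carol@lapsed-corp.test",
     "event": "password_reset", "ts": "2022-05-15T08:00:00Z"},
]


def parse_ts(value):
    """Parse an ISO-8601 timestamp with a trailing 'Z' into an aware UTC datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def email_domain(email):
    """Return the lower-cased domain part of an email address."""
    return email.rsplit("@", 1)[1].lower()


def assess_domain(domain, registrations, at, window=timedelta(days=30)):
    """Classify a domain relative to a point in time.

    Returns (status, age_seconds). status is one of:
      "unregistered"        - no registration record: anyone can register it
      "recently_registered" - registered less than `window` before `at`
      "ok"                  - long-standing registration
    age_seconds is the time from registration to `at`, or None if unregistered.
    """
    registered = registrations.get(domain)
    if registered is None:
        return "unregistered", None
    age = at - registered
    if timedelta(0) <= age < window:
        return "recently_registered", int(age.total_seconds())
    return "ok", int(age.total_seconds())


def flag_suspicious_resets(events, registrations, window=timedelta(days=30)):
    """Return password resets whose email domain was re-registered shortly before
    the reset, or is not registered at all. Each finding is a dict with the user,
    domain, status and seconds between registration and reset (None if unregistered)."""
    findings = []
    for ev in events:
        if ev["event"] != "password_reset":
            continue
        domain = email_domain(ev["email"])
        status, age = assess_domain(domain, registrations, parse_ts(ev["ts"]), window)
        if status != "ok":
            findings.append({"user": ev["user"], "domain": domain,
                             "status": status, "age_seconds": age})
    return findings


def registrable_maintainer_domains(emails, registrations):
    """Preventive check: return the domains from a list of maintainer emails that
    have no registration record, i.e. that an attacker could register today."""
    return sorted({email_domain(e) for e in emails} - set(registrations))


if __name__ == "__main__":
    for f in flag_suspicious_resets(ACCOUNT_EVENTS, DOMAIN_REGISTRATION):
        print(f)
    print(registrable_maintainer_domains(
        [e["email"] for e in ACCOUNT_EVENTS], DOMAIN_REGISTRATION))
```

Run against the constructed log, the reset for alice is flagged 755 seconds after her domain's registration, carol's reset is flagged because her domain is unregistered, and bob's is ignored. The preventive check is the one worth scheduling: an index or an organisation can walk its maintainers' email domains and alert before a lapse turns into a password-reset path, since the postmortem's timeline shows the window between re-registration and reset was under fifteen minutes.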