Administrators of the Python Package Index (PyPI) have recently announced that they identified unauthorized access to 174 user accounts. The breach was attributed to compromised credentials obtained from previously hacked or leaked user data from other services: the attackers gained access to PyPI accounts by reusing the same passwords that the victims had used on other sites, and succeeded because two-factor authentication was not enabled on the affected accounts.
The suspicious activity came to light after several users reported receiving notifications from PyPI that two-factor authentication had been activated on their accounts, even though they had not accessed their accounts at that time. Upon investigation, 174 users were found to have been affected by unauthorized access to their accounts. Fortunately, no evidence of tampering with packages or of any other harmful activity was discovered, indicating that the attackers had only accessed and modified the accounts themselves.
As a precautionary measure, the compromised accounts were promptly blocked, and notifications were sent to all other PyPI users who had not enabled two-factor authentication. A total of 370,000 users (56% of the catalog) had not enabled two-factor authentication on their accounts, prompting PyPI to initiate the process of re-verifying their email addresses.