back to article PyPI warns of first-ever phishing campaign against its users

The Python Package Index, better known among developers as PyPI, has issued a warning about a phishing attack targeting developers who use the service. The community-run organization said this is the first known phishing attack against PyPI users. And the attack has unfortunately been somewhat successful, resulting in the …

  1. Clausewitz4.0 Bronze badge

    Phishing Campaign

    QUOTE: PyPI announced it is giving away free hardware security keys to the maintainers of critical projects

    New phishing campaign requesting login + password + address to send physical token in 3, 2, 1 ...

  2. vincent himpe

    it's python

    pythonesue should be physhing...

  3. Anonymous Coward
    Anonymous Coward

    Increase security by passing personal data to google


  4. Charlie Clark Silver badge

    Interesting attack

    This is the first time I've seen such a targetted attack and the e-mail was reasonably convincing, not least because the security keys do have to be requested from Google and the communication about them wasn't brilliant. And here, again, there was no direct communication from the PSF about the attack. It's also yet another example of a phishing site being hosted by Google. Really, one might expect them to be on top of this abuse of their hosting.

    As a result of the phishing campaign, PyPI announced it is giving away free hardware security keys to the maintainers of critical projects

    That's not true. The phishing campaign is a reponse to the giveaway. I informed El Reg about the giveaway a couple of months ago but it was presumably deemed not newsworthy at the time. Why does the media have to wait for things to go wrong before reporting?

  5. Anonymous Coward
    Anonymous Coward

    It feels to me either that these thing needs to either

    1. Verify everything before it gets added. Thoroughly.


    2. Make it very clear that it is the wild west.

    This trying to be the best of both worlds doesn't seem to be all that good of an idea for these things.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like