Comment by Vincenius

3 months ago

Wow, I also received the same phishing email even though my packages only have a few hundred downloads a week (eg. bsky-embed).

So I guess a lot more accounts/packages might be affected than the ones stated in the article

2 comments

Vincenius

Did you receive the email in a similar time window? I'm trying to think of ways to scan other repositories for signs of compromise.

Vincenius 3 months ago

Yeah, I received the email on the 8th a little earlier at 2:50am (utc +2)