Popular open-source tool with 1M downloads was stealing passwords

A popular open-source software package called element-data, which gets over 1 million downloads each month, has been found to be stealing user credentials. The package was designed to look like a legitimate tool for managing data, but it was actually sending usernames and passwords to unknown servers. Security researchers discovered this after users reported suspicious activity in their accounts.

This is a big deal because open-source software is often trusted by developers and regular users alike. Many people assume that because something is open-source, it's safe. But this case shows that even widely used tools can be compromised. It's a reminder to always check the source and reviews of any software you use, especially if it's handling sensitive information like passwords.

If you've used element-data, you should change your passwords immediately, especially for any accounts that might have been accessed through this tool. Also, be more cautious about the software you download, even if it's open-source. Look for reviews, check the developer's reputation, and consider using well-known, trusted tools whenever possible. Keep an eye out for similar security alerts in the future, as this type of threat is becoming more common.