account-takeover
Safeguard articles tagged "account-takeover" — guides, analysis, and best practices for software supply chain and application security.
17 articles
Anatomy of an npm maintainer account takeover
A single phishing email hit eslint-config-prettier's ~30M weekly downloads in July 2025 — no code compromise needed, just a stolen npm login.
Anatomy of a PyPI Compromise: How durabletask Got Hijacked in 35 Minutes
Three malicious durabletask releases hit PyPI in a 35-minute window in May 2026 — a maintainer-token theft, not a code review failure.
Lessons from the ua-parser-js Compromise: Four Hours, Eight Million Downloads a Week
A hijacked npm account turned a tiny User-Agent parser into a cryptominer and password stealer for a few hours in 2021. Here is what account takeover does at ecosystem scale.
GitLab Account Takeover via Password Reset (CVE-2023-7028) Explained
CVE-2023-7028 let attackers send GitLab password-reset links to an address they controlled — a zero-interaction account takeover scored 10.0. Here's the flaw and the fix.
Maintainer Account Takeover Attacks: Hijacking Trust in Open Source
A maintainer account takeover lets an attacker publish malicious versions of a trusted package under a legitimate identity. Here is how it happens and how to defend.
What is Credential Stuffing
Credential stuffing uses billions of breached passwords to hijack accounts at scale. Learn how it works, real breaches it caused, and how to stop it.
OSS Maintainer Account Takeover Trends 2025
A senior engineer's breakdown of how maintainer account takeovers evolved in 2025, from phishing kits targeting PyPI to session token theft on GitHub and npm.
UA-Parser-JS October 2021: A Deep Dive on the Attack
The ua-parser-js compromise of October 2021 paired credential theft with cryptominer and password stealer payloads. A close look at what happened and why.
Case study: crates.io maintainer account takeover and mal...
How a compromised maintainer credential becomes a crates.io account takeover and a malicious crate version in the Rust software supply chain.
Case study: RubyGems account takeover incidents and their...
A look at real RubyGems account takeover incidents, including the rest-client hijack, and what they reveal about Ruby supply chain risk.
CocoaPods Trunk Server Email Verification Bypass Enabling...
CVE-2024-38367 let attackers bypass email verification on the CocoaPods trunk server to take over pod owner accounts, threatening the iOS supply chain. Here's the impact and fix.
RubyGems.org domain takeover risk report
RubyGems.org hasn't adopted the domain-resurrection defenses PyPI rolled out in 2025 — leaving a proven account-takeover technique open across the Ruby ecosystem.