Top open source PyPI package with over 1 million downloads each month hacked to send out malware

Read post on techradar.com

This was not a case of stolen credentials, but rather of vulnerability exploitation.