packagist, 1 year ago

On Monday, May 1st an attacker managed to take over 4 maintainer accounts on http://packagist.org - please do not reuse passwords and enable 2FA on your accounts - no malicious code was distributed - attack detected, accounts disabled and URL changes reverted on May 2nd.

Thanks to Juha Suni and
@ocramius for making us aware of the issue. You can read more details on what happened and what measures we took and what you should do at https://blog.packagist.com/packagist-org-maintainer-account-takeover/