-
-
Notifications
You must be signed in to change notification settings - Fork 2k
Security incident 2022 06 08: Anaconda installer on Windows installation page
Thomas Wiecki edited this page Jun 8, 2022
·
4 revisions
Alert: If you are a Windows user who downloaded Anaconda or Miniforge in the days between 2022-06-20 to 2022-06-22 by clicking on the links on our Wiki installation page: https://github.com/pymc-devs/pymc/wiki/Installation-Guide-(Windows), your system might be compromised.
On 2022-06-22 we noticed that the Wiki page https://github.com/pymc-devs/pymc/wiki/Installation-Guide-(Windows) has been altered twice, changing the links to the Anaconda and Miniforge installers to suspicious looking domains. Here are the two diffs:
- https://github.com/pymc-devs/pymc/wiki/Installation-Guide-(Windows)/_compare/bd59c1eb7a54633f6418e78047e3c7a0c707c74b...a8ac9584ce38058269d7e23e7c05d44b0241cb3b
- https://github.com/pymc-devs/pymc/wiki/Installation-Guide-%28Windows%29/_compare/b74c076%5E...b74c076
We don't know what hid behind these links.
- We reverted the links to their official sources
- We disabled public write access to our wiki
- We checked the other links in our installation instructions and confirmed that they look correct
- We reported the user https://github.com/Zapelphilipp to GitHub (the other user's account seems to already been deleted)
We'd like to apologize to all users who might have been affected by this.