|
|
|
|
|
|
by bdmac97
2539 days ago
|
|
|
Hi all. I'm the (actual) owner of that gem. As already hypothesized in the comments I'm pretty sure this was a simple account hijack. The kickball user likely cracked an old password of mine from before I was using 1password that was leaked from who knows which of the various breaches that have occurred over the years. I released that gem years ago and barely remembered even having a rubygems account since I'm not doing much OSS work these days. I simply forgot to rotate out that old password there as a result which is definitely my bad. Since being notified and regaining ownership of the gem I've: 1. Removed the kickball gem owner. I don't know why rubygems did not do this automatically but they did not. 2. Reset to a new strong password specific to rubygems.org (haha) with 1password and secured my account with MFA. 3. Released a new version 0.0.8 of the gem so that anyone that unfortunately installed the bogus/yanked 0.0.7 version will hopefully update to the new/real version of the gem. |
|
|
Thanks for sharing the info!