Hackers injected obfuscated JavaScript to install code that scraped information from thousands of websites. The attack underscores that companies need to better track the risk they assume when using third-party code. Hackers are targeting open source software projects and commercial software as a way to insert vulnerabilities or malicious code that can later be activated. Security analyst: “If you hack one project or supplier, you get a huge multiplier for your effort, so it is all about return on investment for the attacker” The attack likely allowed the criminals behind the code to record keystrokes from sites, he says.”]
Source: https://www.darkreading.com/attacks-breaches/attacks-on-javascript-services-leak-info-from-websites