Users who deployed the nightly builds of PyTorch between Christmas and New Year’s Eve likely received a rogue package as part of the installation that siphoned off sensitive data from their systems.