Secrets Exposed in Hugging Face Hack

From securityweek.com

AI tool development company Hugging Face informed customers on Friday that it had detected unauthorized access to its Spaces platform. 

Hugging Face Spaces makes it easier for users to create and share machine learning (ML) applications and demos with others. 

According to the company, the unauthorized access to the Spaces platform may have exposed “a subset of Spaces’ secrets”. 

In response, it has revoked tokens present in the compromised secrets and it has notified impacted users.

“We recommend you refresh any key or token and consider switching your HF tokens to fine-grained access tokens which are the new default,” Hugging Face said in a blog post.

Read more…