AI platform Hugging Face says hackers stole auth tokens from Spaces
2024-06-02 20:56

AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members.

Hugging Face Spaces is a repository of AI apps created and submitted by the community's users, allowing other members to demo them.

"Earlier this week our team detected unauthorized access to our Spaces platform, specifically related to Spaces secrets," warned Hugging Face in a blog post.

Hugging Face says they have already revoked authentication tokens in the compromised secrets and have notified those impacted by email.

They recommend that all Hugging Face Spaces users refresh their tokens and switch to fine-grained access tokens, which allow organizations to have tighter control over who has access to their AI models.

"Over the past few days, we have made other significant improvements to the security of the Spaces infrastructure, including completely removing org tokens, implementing key management service for Spaces secrets, robustifying and expanding our system's ability to identify leaked tokens and proactively invalidate them, and more generally improving our security across the board. We also plan on completely deprecating "classic" read and write tokens in the near future, as soon as fine-grained access tokens reach feature parity."


News URL

https://www.bleepingcomputer.com/news/security/ai-platform-hugging-face-says-hackers-stole-auth-tokens-from-spaces/