AI platform Hugging Face has revealed that its Spaces platform was hacked, allowing cybercriminals to access members’ authentication secrets. Hugging Face Spaces is a repository where users can create and share AI apps for others to demo.
What’s behind the Hugging Face hack?
“Earlier this week our team detected unauthorized access to our Spaces platform, specifically related to Spaces secrets,” warned Hugging Face in a blog post. “As a consequence, we have suspicions that a subset of Spaces’ secrets could have been accessed without authorization.”
In response to the hack, Hugging Face has already revoked the compromised authentication tokens and notified the affected members via email. They recommend that all users of Hugging Face Spaces refresh their tokens and transition to fine-grained access tokens, which provide tighter control over who can access their AI models.
The company is collaborating with external cybersecurity experts to investigate the hack and has reported the incident to law enforcement and data protection agencies. Following the hack, Hugging Face has intensified its security measures over the past few days.
“Over the past few days, we have made other significant improvements to the security of the Spaces infrastructure, including completely removing org tokens (resulting in increased traceability and audit capabilities), implementing key management service (KMS) for Spaces secrets, robustifying and expanding our system’s ability to identify leaked tokens and proactively invalidate them, and more generally improving our security across the board. We also plan on completely deprecating “classic” read and write tokens in the near future, as soon as fine-grained access tokens reach feature parity. We will continue to investigate any possible related incident,” Hugging Face said
As Hugging Face gains more recognition, it has also attracted the attention of cybercriminals aiming to misuse the platform for harmful activities.
“We deeply regret the disruption this incident may have caused and understand the inconvenience it may have posed to you. We pledge to use this as an opportunity to strengthen the security of our entire infrastructure,” Hugging Face stated.
The Snowflake data breach is a tangled mess
About Hugging Face Spaces
Hugging Face Spaces is a platform that serves as a repository for AI applications created and shared by the community’s users. It allows developers to submit their AI models and apps, which can then be demoed and utilized by other members of the community. This collaborative environment encourages innovation and sharing of AI technologies, providing a space for users to explore and experiment with various AI solutions.
Image credits: Kerem Gülen/Midjourney
