On Friday, Hugging Face, the AI tool development company informed customers that detected unauthorized access to its Spaces platform.
The Spaces platform within Hugging Face makes it easier for users to both create and share machine learning (ML) applications with others. According to Hugging Faces, the unauthorized access detected within Spaces could have exposed several of Spaces’ secrets. In an effort to mitigate the issue, Hugging Faces revoked tokens present within the compromised secrets and notified impacted users. In a blog post, the company recommended refreshing any key or token and switching out Hugging Faces tokens to “fine-grained” access tokens, which will serve as the new default token. The company has also announced “significant improvements to the security of the Spaces infrastructure”.
Read more:
https://www.securityweek.com/secrets-exposed-in-hugging-face-hack/