Menu
Hugging Face, an AI company, revealed on Friday that its Spaces platform experienced unauthorized access earlier this week. We suspect that some Spaces’ secrets may have been accessed without permission, the company shared in an advisory. Spaces is a platform where users can build, host, and share AI and machine learning apps, as well as explore creations by others. Following the incident, Hugging Face is revoking several HF tokens that were part of the exposed secrets and notifying affected users via email.
We recommend updating any keys or tokens and switching to fine-grained access tokens, which are now the default, they advised.
Hugging Face hasn’t disclosed how many users were affected, but they’re investigating further and have reported the breach to law enforcement and data protection authorities.
This comes as the rapid growth of AI has made platforms like Hugging Face a target for cyberattacks. Earlier this year, cloud security firm Wiz highlighted vulnerabilities in Hugging Face that could let attackers compromise CI/CD pipelines and manipulate AI/ML models.
NCSC Threat Reports Feed© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.
