AI platform Hugging Face, known for its extensive repository of community-created AI applications, said that its Spaces platform experienced a security breach, resulting in unauthorized access to authentication secrets of its members.
Spaces, a popular feature of Hugging Face, allows users to create, share, and demo AI apps.
Earlier this week, Hugging Face's security team detected suspicious activity indicating unauthorized access to Spaces secrets. These secrets include authentication tokens that allow users to interact with various features and services.
“Earlier this week our team detected unauthorized access to our Spaces platform, specifically related to Spaces secrets. As a consequence, we have suspicions that a subset of Spaces’ secrets could have been accessed without authorization,” the company said.
In response to the breach, Hugging Face revoked a number of Hugging Face tokens found within the compromised secrets. Affected users have already been notified via email and are advised to refresh any keys or tokens associated with their accounts. Additionally, Hugging Face recommends switching to fine-grained access tokens.
The company said it is also collaborating with law enforcement agencies and data protection authorities to investigate the breach.