Hugging Face: Hackers stole the secrets of AI models

Tomcat

How the development of AI led to the compromise of the secrets of Spaces.

Hugging Face last week discovered unauthorized access to the Spaces platform, designed to create, share and host AI models and resources.

The Hugging Face blog reported that the hack is related to Spaces secrets, that is, private data that is used to access protected resources such as accounts, tools, and developer environments. It is suspected that some of the secrets may have been accessed by third parties without authorization.

As a precaution, Hugging Face has revoked a number of tokens in these secrets (tokens are used to verify identity). Users whose tokens were revoked have already received email notifications. Hugging Face recommends that all users "upgrade any keys or tokens" and consider switching to more secure tokens with fine-grained access.

It is not yet clear how many users or apps were affected by the potential hack. Hugging Face noted that the company is working with external cybersecurity specialists to investigate the incident, as well as to review security policies and procedures. Hugging Face also reported the incident to law enforcement and data protection agencies.

Additionally, Hugging Face told TechCrunch that the firm has seen a significant increase in cyberattacks over the past few months, likely due to the sharp growth in Hugging Face usage and the popularization of AI. According to the company, it is technically difficult to determine how many Spaces secrets may have been compromised.

The possible hack of Spaces comes at a time when Hugging Face, one of the largest platforms for collaborative AI and data science projects, is facing increased attention to its security.

In April, researchers from the information security company Wiz discovered two critical vulnerabilities on Hugging Face that could allow attackers to escalate privileges, gain access to other clients' models, and even take control of continuous integration and deployment (CI/CD) processes.
 