HuggingFace Reports Security Vulnerability

TapTechNews June 3rd, the world's largest open-source AI community, HuggingFace (TapTechNews note: commonly known as hugging face), reported a security vulnerability incident on May 31st. Its team detected unauthorized access to its Spaces platform, which may lead to the leakage of some user keys.

HuggingFace is one of the world's largest collaborative platforms for artificial intelligence and data science projects, with over a million models, datasets, and AI-driven applications.

The spokesperson of HuggingFace said in a statement: In the past few months, we have seen a significant increase in the number of cyberattacks, which may be because our usage has increased significantly and artificial intelligence is becoming mainstream. Technically, it is difficult to know how much Spaces confidentiality has been leaked.

HuggingFace has revoked the affected HFTokens and recommended that users refresh their keys or tokens and switch to a more secure fine-grained access token.

HuggingFace has also taken other security measures, including removing organizational tokens (to improve traceability and auditing capabilities), implementing a key management service, enhancing the ability to identify and invalidate leaked tokens, etc., and plans to completely phase out the classic read and write tokens in the near future.