Hugging Face recently disclosed a security breach on its Hugging Face Spaces platform, which offers tools for creating machine learning applications and models. Employees discovered evidence of unauthorized access to the platform, raising concerns about potential leaks of confidential user data, such as keys and tokens. As a precaution, the compromised tokens were revoked, and users were advised to update their keys and tokens.
The investigation is ongoing, and details of the incident have not been revealed. Hugging Face has taken steps to enhance the security of its infrastructure, including discontinuing the use of Org-tokens, implementing a key management system (KMS), and introducing new tools to detect token leaks. Future plans involve phasing out classic tokens with read and write access.