Hugging Face tokens exposed, attack scope unknown

Hugging Face urged users to reset any keys or tokens following suspicious activity discovered in its Spaces platform.

In a blog post on Friday, Hugging Face, a data science community and development platform, issued a password leak disclosure for its Spaces platform, where users can create and deploy machine learning-powered applications. Spaces environments also store users' code inside a Git repository.

Hugging Face disclosed that it detected suspicious activity related to Spaces that exposed users' secrets, which store tokens, API keys and sensitive credentials. "Earlier this week our team detected unauthorized access to our Spaces platform, specifically related to Spaces secrets. As a consequence, we have suspicions that a subset of Spaces' secrets could have been accessed without authorization," Hugging Face wrote in the disclosure.

Subsequently, Hugging Face reported the incident to law enforcement and data protection authorities. Hugging Face added that it's also working with forensic specialists during the investigation.

Hugging Face said it revoked several tokens from the exposed secrets and emailed users whose tokens have already been revoked. It's unclear how many users were affected so far. The attack scope could be substantial because Hugging Face urged all users to take action to further segment access control.

"We recommend you refresh any key or token and consider switching your HF [Hugging Face] tokens to fine-grained access tokens which are the new default," the disclosure said.

In addition, Hugging Face said it "made other significant improvements" to secure Spaces infrastructure just days after detecting unauthorized access. One step included removing organization access tokens to improve traceability and audit capabilities.

Another remediation effort involved expanding the system's ability to proactively identify and invalidate any leaked tokens. "We also plan on completely deprecating 'classic' read and write tokens in the near future, as soon as fine-grained access tokens reach feature parity. We will continue to investigate any possible related incident," the disclosure said.

Friday's disclosure marks the second time in six months that Hugging Face tokens have been exposed. In December, Lasso Security discovered more than 1,600 exposed Hugging Face API tokens that posed a supply chain security risk to 723 organizations, including Google, Meta and Microsoft.

TechTarget Editorial contacted Hugging Face for comment, but the company had not responded at press time.

Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.