Hugging Face Details

    Hugging Face

    New York City, United States • 170 employees • Technology and cloud computing

    Industry

    Technology and cloud computing

    Security Incidents

    1

    Hugging Face is an AI company that develops open-source libraries and models for natural language processing (NLP). Their flagship product is the Transformers library, which provides pre-trained models and tools for building and deploying language models. With a strong focus on democratizing AI technology, Hugging Face has created a vibrant community of developers and researchers who contribute to and utilize their open-source resources.

    Security Incidents

    Hugging Face Breach of Jun 2024
    Severity Score
    Low to Moderate

    Type

    Other

    Summary

    Hugging Face detected unauthorized access to their Spaces platform's secrets, leading to potential exposure of a subset of those secrets. They have revoked some tokens and recommend that users refresh keys/tokens and switch to fine-grained access tokens. Hugging Face is working with cybersecurity experts to investigate, has made improvements to Spaces infrastructure security, and plans to deprecate classic tokens in favor of fine-grained access tokens. They have reported the incident to authorities and provided an email (security@huggingface.co) for further questions. Hugging Face regrets the disruption c...
    Severity

    The unauthorized access incident at Hugging Face involved potential exposure of secrets related to their Spaces platform, prompting revocation of some tokens. While the full extent is still under investigation, Hugging Face has implemented significant security improvements and is working with cybersecurity experts to review policies and procedures. The company has notified impacted users and relevant authorities about this security breach.

    Impact

    The security breach at Hugging Face primarily affected users of their Spaces platform, as unauthorized access was gained to Spaces secrets like API tokens and keys. Hugging Face has already revoked some exposed tokens and notified those specific users via email about the incident. Any Spaces users or those utilizing Hugging Face tokens are advised to rotate their secrets as a precautionary measure against potential misuse.