InfoCapability
Hugging Face Spaces security: unauthorized access to Spaces secrets prompts token revocation and shift to fine-grained tokens
AI Impact Summary
Hugging Face detected unauthorized access to Spaces secrets, with a subset of secrets potentially accessed. They revoked HF tokens found in affected secrets and are shifting to a Key Management Service (KMS) and fine-grained access tokens to improve traceability and prevent future leaks. Customers should rotate credentials and update automation to use fine-grained tokens, anticipating remediation work and potential short-term disruption as the migration unfolds.
Hugging Face Spaces security: unauthorized access to Spaces secrets prompts token revocation and shift to fine-grained tokens
Affected Systems
Hugging Face SpacesSpaces secrets
- Date
- Date not specified
- Change type
- capability
- Severity
- info