AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members.
Hugging Face Spaces is a repository of AI apps created and submitted by the community's users, allowing other members to demo them.
Hugging Face says they have already revoked authentication tokens in the compromised secrets and have notified those impacted by email.
They recommend that all Hugging Face Spaces users refresh their tokens and switch to fine-grained access tokens, which allow organizations to have tighter control over who has access to their AI models.
The company is working with external cybersecurity experts to investigate the breach and report the incident to law enforcement and data protection agencies.
The AI platform says they have been tightening security over the past few days due to the incident.
We will continue to investigate any possible related incident.
As Hugging Face grows in popularity, it has also become a target for threat actors, who attempt to abuse it for malicious activities.
In February, cybersecurity firm JFrog found approximately 100 instances of malicious AI ML models used to execute malicious code on a victim's machine.
One of the models opened a reverse shell that allowed a remote threat actor to access a device running the code.
More recently, security researchers at Wiz discovered a vulnerability that allowed them to upload custom models and leverage container escapes to gain cross-tenant access to other customers' models.
Malicious AI models on Hugging Face backdoor users' machines.
Ascension redirects ambulances after suspected ransomware attack.
Ascension healthcare takes systems offline after cyberattack.
Snowflake account hacks linked to Santander, Ticketmaster breaches.
Ticketmaster confirms massive breach after stolen data for sale online.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 02 Jun 2024 21:00:10 +0000