Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

Hugging Face Data Breach Exposes API Tokens

December 5, 2023
Reading Time: 1 min read
in Incidents
Hugging Face Data Breach Exposes API Tokens

Lasso Security researchers have uncovered a significant security lapse on Hugging Face, a platform popular among AI enthusiasts, where over 1,500 exposed API tokens belonging to tech giants like Meta, Microsoft, Google, and VMware were found. This vulnerability could potentially lead to supply chain attacks, allowing attackers to modify files in account repositories. Of the exposed tokens, 655 had write permissions, enabling the alteration of files. The potential consequences of exploiting these tokens include data theft, poisoning training data, or stealing AI models, affecting more than 1 million users. The exposed API tokens were detected through substring searches on Hugging Face, revealing a vulnerability that could compromise the foundational models relied upon by millions of users. The researchers, by gaining access to more than 10,000 private models, demonstrated the severity of the breach.

The situation underscores the importance of securing API tokens, as compromised models could be manipulated into malicious entities, posing a serious threat to the user base. Developers often inadvertently expose tokens when storing them in variables, emphasizing the need for robust security measures and practices. GitHub has a Secret Scanning feature to prevent such leaks, but Hugging Face’s platform revealed a weakness in its organization API tokens. Even though the org_api tokens were announced as deprecated, the researchers found a way to exploit them for read access to repositories and billing access to resources. This discovery highlights the importance of ongoing vigilance and proactive measures to secure API tokens and prevent unauthorized access and potential malicious activities on platforms critical to the AI and machine learning community.

Reference:

  • Hugging API Tokens
Tags: 2023AttackersCyber AttacksCyber Incidents 2023cyber-incidentCybersecurityDecember 2023Hershey
ADVERTISEMENT

Related Posts

Madison County Iowa Systems Disrupted

Alleged Steam Breach Exposes 89M Records

May 13, 2025
Madison County Iowa Systems Disrupted

Ulhasnagar Municipal Corporation Hacked

May 13, 2025
Madison County Iowa Systems Disrupted

Madison County Iowa Systems Disrupted

May 13, 2025
Mobius Token Exploit Drains $2.15 Million

Mobius Token Exploit Drains $2.15 Million

May 12, 2025
Spanish Consumer Group Faces Cyberattack

Cyberattack Hits Università Roma Tre Website

May 12, 2025
Cyberattack Hits Public Agencies in Paraguay

Cyberattack Hits Public Agencies in Paraguay

May 12, 2025

Latest Alerts

Hackers Exploit Output Messenger Zero-Day

ASUS Fixes Critical Flaws in DriverHub

Apple Fixes Critical Bugs in iOS and MacOS

Microsoft Copilot AI Exposes Sensitive Data

PupkinStealer Targets Data Through Telegram

Fake AI Video Tools Spread Noodlophile

Subscribe to our newsletter

    Latest Incidents

    Alleged Steam Breach Exposes 89M Records

    Ulhasnagar Municipal Corporation Hacked

    Madison County Iowa Systems Disrupted

    Mobius Token Exploit Drains $2.15 Million

    Cyberattack Hits Public Agencies in Paraguay

    Cyberattack Hits Università Roma Tre Website

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial