AI developer community Hugging Face has confirmed that a data breach in its Spaces platform compromised members' sensitive authentication secrets, exposing them to hackers.
Community members build and publish AI programs on Hugging Face Spaces, where other members can reportedly demo them. Hugging Face says it has emailed the people affected and canceled the authentication tokens contained in the leaked secrets.
The company reports that it discovered the breach early last week and found evidence of unauthorized access to its Spaces platform, particularly to secrets stored there. Hugging Face believes that Spaces' secrets may have been accessed without permission.
All Hugging Face Spaces users are advised to update their tokens and convert them to fine-grained access tokens, which will give businesses more control over who may use their AI models.
The company is collaborating with outside cybersecurity specialists to investigate the breach and notify law enforcement and data protection agencies of the incident. According to the AI platform, security has been tightened during the last few days in response.
The Hugging Face data breach comes after cyberattacks on other well-known companies. Most notably, Snowflake, a cloud storage platform, has been the target of hackers who want to steal data from hundreds of its clients, including Ticketmaster.
Snowflake Data Breach
The Boston-based business Snowflake, known for offering cloud-based analytics and data storage to many well-known businesses, has also recently said that it is looking into heightened cyber threat activity directed at certain clients' accounts.
This statement comes after cybersecurity vendor Hudson Rock claimed to have discovered a "massive breach" at Snowflake that may have affected as many as 400 businesses.
Hudson Rock learned of the event after corresponding with an alleged hacker who obtained Santander Bank and Ticketmaster data. The cybersecurity vendor stated that the hacker identified a single vendor, Snowflake, as the source of these attacks.
According to the hacker, Snowflake's internal IT architecture appeared to be integrated with the hacker's ServiceNow account, from which they obtained login credentials.
Thanks to this access, they could bypass the security safeguards of Okta, Snowflake's single sign-on provider. The hacker claimed to have created session tokens after getting access, which allowed them to access large volumes of data outside the business.
After that, according to Hudson Rock, the hacker tried to demand $20 million from Snowflake but got no response from the Montana-based business.
Live Nation Data Breach
Entertainment sector giant Live Nation has also acknowledged a security compromise at Ticketmaster, its ticketing division.
According to Live Nation, the hack involved unauthorized activity in a cloud database that contained business data owned by a third party. While the identity of the third-party cloud database remains unknown, it is known that a large portion of Ticketmaster's and Live Nation's infrastructure is housed on Amazon Web Services.
According to the company's filing, the hack happened between May 20 and May 27, when a cybercriminal allegedly offered "company user data for sale via the dark web."
Although Live Nation did not say whose personal data was stolen, it is thought to be related to its patrons. It is still unclear why the corporation waited over a week to reveal the breach to the public.