Hugging Face, a platform for building AI and ML models, has warned users of a breach that could expose access authentication secrets on Spaces, a community repository for AI projects.
“Earlier this week our team detected unauthorized access to our Spaces platform, specifically related to Spaces secrets,” the AI company said in a blog post. “As a consequence, we have suspicions that a subset of Spaces’ secrets could have been accessed without authorization.”
Hugging Face hasn’t disclosed if the breach has resulted from a vulnerability in the platform. The company is currently investigating the breach and is yet to reveal the radius of the impact.
Refreshing access tokens can help
The company has recommended that its community members refresh access keys and tokens or consider switching their HF tokens to “fine-grained” access tokens that have been made the new default after the incident.
HF Tokens were the preferred user access tokens to authenticate an application or notebook to Hugging Face services.
“As a first step of remediation, we have revoked a number of HF tokens present in those secrets. Users whose tokens have been revoked already received an email notice,” Hugging Face added in the post.
The company also confirmed that it has made, in the last few days, many security improvements on Spaces which included completely removing org tokens, implementing key management service (KMS) for spaces secrets, and boosting the detection of leaked tokens.
“We are working with outside cyber security forensic specialists, to investigate the issue as well as review our security policies and procedures,” the company added.
With over 10,000 organizations using Hugging Face products to create AI-powered tools and over 1.2 million users as of 2023, Hugging Face is the largest online AI community.
Snowflake faces a similar attack
As tools to develop and deploy AI-based applications emerge, so do threats to these environments owing mostly to the “community” ownership of these platforms and weaker security regimes around them.
Snowflake, a data cloud company used popularly for storing and managing relational big data needed for AI workloads, has experienced a breach that has snowballed into secondary attacks on a clutch of companies.
“Snowflake and third-party cybersecurity experts, CrowdStrike and Mandiant, are providing a joint statement related to our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts,” said Brad Jones, chief information security officer, Snowflake in a forum update. “Throughout the course of the investigation, Snowflake has promptly informed the limited number of Snowflake customers who it believes may have been affected. Mandiant has also engaged in outreach to potentially affected organizations.”
Personal credentials of the demo account of a former employee were obtained and used by the threat actors, specifically, because the account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems, according to Jones.
“The incident playing out at Snowflake is due to the same issue we’re seeing across the market, companies are not incorporating the security of their SaaS applications into their security architectures,” said Brian Soby, chief technology officer and co-founder at AppOmni. “In this case, an attacker simply bought stolen credentials and used them to log in directly to Snowflake’s ServiceNow instance, as it was misconfigured to allow Single Sign On (SSO) to be optional instead of mandatory.”
Threat group ShinyHunters, who recently claimed responsibility for Santander and Ticketmaster breaches, allegedly claimed they stole data from cloud storage company Snowflake after hacking into an employee’s account.
“The latest Snowflake breach surfaces multiple troubling aspects about the potential impact of shifting to massive data lakes hosted on a cloud provider,” said Avishai Avivi, chief information security officer, SafeBreach. “Combine this with compromised credentials and a session cookie hijack, and you have the perfect storm. It’s important to understand that we are still in the early stages of identifying the specifics of this incident.”