Security incident disclosure — July 2026
Hugging Face reported an unauthorized access incident involving its Spaces platform that exposed certain subsets of user tokens. The company has since revoked the affected keys and notified the relevant users to initiate rotations. This breach underscores the ongoing security challenges for centralized model hosting services as they manage the increasingly sensitive credentials required for automated developer workflows.
Covered by 1 source
- HHugging Face Blog↗14h ago