Space secrets leak disclosure — HF tokens revoked, KMS implemented

AI Impact Summary

Hugging Face has identified and remediated an unauthorized access incident within the Spaces platform, specifically targeting Spaces secrets and associated HF tokens. As a result, revoked a number of HF tokens and implemented several security enhancements, including KMS for Spaces secrets, proactive token invalidation, and the removal of org tokens. The company is also deprecating classic tokens and working with external cybersecurity specialists to investigate the full scope of the breach and strengthen overall infrastructure security.