Hugging Face Spaces: Secrets breach prompts token revocation; migrate to fine-grained access tokens
AI Impact Summary
Unauthorized access to Hugging Face Spaces secrets was detected, and some HF tokens embedded in those secrets may have been accessed. The organization is revoking those tokens, implementing a key management service (KMS) for Spaces secrets, removing org tokens, and steering customers toward fine-grained access tokens to improve auditability. Customers should rotate their keys/tokens and plan to migrate to fine-grained tokens to avoid disrupted programmatic access. Law enforcement and data protection authorities are being involved.
Affected Systems
- Date: not specified
- Change type: capability
- Severity: info