Potential Exposure of Hugging Face Token

#1
by June-Snow - opened

Hello,

We are a group of security researchers conducting an analysis of publicly available resources to assess common misconfiguration risks.

During our research, we came across a Hugging Face access token exposed in a public configuration: hf_tEE******BUTpm. This token appears to be linked to your account and could potentially allow unauthorized access to Hugging Face services. If left unrevoked, it may be vulnerable to misuse.

We strongly recommend that you revoke this token immediately and generate a new one. Additionally, please review your configurations to ensure that no other sensitive credentials are publicly accessible.

If you have any questions or would like assistance in securing your environment, feel free to reach out.

Best regards,

As a follow-up, it looks like there’s another leaked token: hf_FBIV******CfQC.
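
The configuration review recommended above can be partly automated. The following is an added example, not part of the original thread: it scans your own files for strings with the `hf_` prefix and reports them masked in the same style as the tokens quoted in the post. The token pattern (prefix plus a long alphanumeric body), the function names and the sample config are assumptions made for illustration.

```python
import re
from pathlib import Path

# Assumption: tokens start with the "hf_" prefix seen in the post, followed by
# a long alphanumeric body; the minimum length of 30 is a guess to limit noise.
HF_TOKEN_RE = re.compile(r"\bhf_[A-Za-z0-9]{30,}\b")


def mask(token: str) -> str:
    """Mask a token as the post does: keep the first 6 and last 5 characters."""
    return f"{token[:6]}******{token[-5:]}"


def scan_text(text: str, source: str = "<text>"):
    """Return (source, line_number, masked_token) for each candidate token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in HF_TOKEN_RE.finditer(line):
            findings.append((source, lineno, mask(match.group())))
    return findings


def scan_tree(root: str, max_bytes: int = 1_000_000):
    """Scan every regular file under root, skipping .git and very large files."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if ".git" in path.parts or not path.is_file():
            continue
        if path.stat().st_size > max_bytes:
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        findings.extend(scan_text(text, str(path)))
    return findings


# Constructed sample config; the token value is fabricated for this example.
SAMPLE_TOKEN = "hf_" + "A" * 34
SAMPLE_CONFIG = (
    "model: my-org/my-model\n"
    f"hf_token: {SAMPLE_TOKEN}\n"
    "cache_dir: /tmp/hf_cache\n"
)

if __name__ == "__main__":
    for source, lineno, masked in scan_text(SAMPLE_CONFIG, "config.yaml"):
        print(f"{source}:{lineno}: possible Hugging Face token {masked}")
```

A hit only shows where a token sits in the files scanned; a token that has already been published still has to be revoked and replaced, as the post recommends.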
