'One highlight of the platform is the HuggingFace API ability with their Python library, which allows developers and organizations to integrate models, read, create, modify, and delete repositories or files within them.
'In this groundbreaking research, our team has unearthed a staggering number of 1681 valid tokens laid bare through HuggingFace and GitHub, ushering us into unprecedented discoveries.
'This massive effort enabled us to gain access to 723 organizations' accounts, with some of the most high-valued organizations, including giants like Meta, HuggingFace, Microsoft, Google, VMware, and more. Intriguingly, among these accounts, 655 users’ tokens were found to have write permissions, 77 of them to various organizations, granting us full control over the repositories of several prominent companies. Notably, some of the organizations with such extensive access included EleutherAI (Pythia) and BigScience Workshop (Bloom), highlighting the extent of our research's impact and its potential implications in the realm of supply chain attacks and organizational data integrity.
'The gravity of the situation cannot be overstated. With control over an organization boasting millions of downloads, we now possess the capability to manipulate existing models, potentially turning them into malicious entities. This implies a dire threat, as the injection of corrupted models could affect millions of users who rely on these foundational models for their applications'.
https://www.lasso.security/blog/1500-huggingface-api-tokens-were-exposed-leaving-millions-of-meta-llama-bloom-and-pythia-users-for-supply-chain-attacks
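The quoted post describes tokens leaking through public repositories and then being used to read or write repos via the Hugging Face Python library. The block below is an added example, not code from the Lasso post or from Hugging Face: a small scanner that finds such tokens in text you control (source files, notebooks, CI logs) and redacts them for reporting. It assumes the token shape `hf_` followed by 34 alphanumeric characters (the same shape common secret scanners match); the sample `.env`/notebook content is constructed here, not real. The optional `verify_token` helper uses the real `huggingface_hub.HfApi(...).whoami()` call and needs network access, so it is only run when you ask for it.

```python
"""Find and redact Hugging Face user access tokens in text (added example).

Assumption: tokens look like "hf_" + 34 alphanumeric characters. Adjust
HF_TOKEN_RE if the platform changes its token format.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Not preceded by a word character (so "xhf_..." is not matched) and not
# followed by one (so a longer random string is not mis-split into a token).
HF_TOKEN_RE = re.compile(r"(?<![A-Za-z0-9_])hf_[A-Za-z0-9]{34}(?![A-Za-z0-9])")

# Constructed sample input: a committed .env plus a notebook cell. The tokens
# are made up and have the assumed shape; "hf_short" is a deliberate non-match.
SAMPLE_TEXT = """# constructed .env committed by mistake
HUGGINGFACE_TOKEN=hf_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh
export HF_HUB_OFFLINE=1
api = HfApi(token="hf_0123456789abcdefghijklmnopqrstuvwx")  # pasted into a notebook
see https://huggingface.co/docs for the hf_short placeholder
"""


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based line in the scanned text
    token: str     # full token value; never log this field
    context: str   # the line it was found on, already redacted

    @property
    def redacted(self) -> str:
        # Keep just enough of the value to correlate with a revocation.
        return self.token[:7] + "..." + self.token[-4:]


def redact_text(text: str) -> str:
    """Replace every token-shaped value with its redacted form."""
    return HF_TOKEN_RE.sub(lambda m: m.group(0)[:7] + "..." + m.group(0)[-4:], text)


def find_hf_tokens(text: str) -> list[Finding]:
    """Return one Finding per token occurrence, in document order."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in HF_TOKEN_RE.finditer(line):
            findings.append(Finding(line_no, match.group(0), redact_text(line)))
    return findings


def verify_token(token: str) -> Optional[str]:
    """Return the account name a token resolves to, or None if it is invalid.

    Network call; requires the huggingface_hub package. Use only on tokens you
    are authorised to test, and revoke leaked ones regardless of the result.
    """
    try:
        from huggingface_hub import HfApi  # imported lazily so scanning works offline
        return HfApi(token=token).whoami().get("name")
    except Exception:
        return None


if __name__ == "__main__":
    for f in find_hf_tokens(SAMPLE_TEXT):
        print(f"line {f.line_no}: {f.redacted}  |  {f.context}")
```

Run it over `git log -p` output or a CI log to catch tokens before they are pushed; pair it with a pre-commit hook so the check happens on the developer's machine rather than after the secret is already public.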