Exposed Hugging Face API tokens offered full access to Meta's Llama 2

The API tokens of tech giants Meta, Microsoft, Google, VMware, and more have been found exposed on Hugging Face, opening them up to potential supply chain attacks.  Researchers at Lasso Security found more than 1,500 exposed API tokens on the open source data science and machine learning platform – which allowed them to gain …

  1. sqlrob

    And this tells me right here how much they value security.

    "It was also blocked in Hugging Face's Python library by adding a check to the type of token in the login function."

    Changing client libraries prevents accidents. It doesn't do squat against a malicious user.

    1. doublelayer Silver badge

      Hence the "also" in that sentence, which added that particular weak check to "which had already been announced as deprecated". That will do more about malicious uses when they finish doing it, presumably, although I'd have to look up what the exact flaw is before knowing the risk.

  2. Mike 137 Silver badge

    New definition of effective?

    "Google's anti-spam filters for Gmail are effective[...] but these have been compromised on a number of occasions"

  3. elsergiovolador Silver badge
    What's up with Meta and their leaks.

  4. EvilGardenGnome

    W. T. Absolute. F.

    Who in their bloody right, left, middle - I don't care what - mind honestly names their service after a sci-fi creature that infects you with a parasite that will explode from your chest and kill everyone around you?!?!? Seriously, are we just that rampant for allusion, reference, and one-upping on the zeitgeist train that we can't even come up with a minimally obscure, yet apt reference? Maybe the Alexandrian (since something will burn eventually), or Pandora (maybe, just maybe, something good will come of this nonsense).

    Are we all just racing for the Torment Nexus? Seriously? Don't even bother stopping the ride, I'm just getting off now.

  5. NeilPost Silver badge

    Sloppy shitty practices

    "all this has happened before, all this will happen again".

    Despite the industry talk of secure by design, security at the heart of everything we do, it's a continuation of profit over rhetoric or what's right. Every time.

    Hardly surprising the robots will take over - of whatever sci-fi variety, or others.

