Hacker News
by foolishbard 752 days ago
My Anthropic key was leaked and someone ran up a 10k bill on it. Are HF going to cover that?
3 comments

My OpenAI key was leaked and I noticed someone was using it; luckily the damage wasn’t nearly as bad as yours. A few dollars' worth of GPT-4, a model none of my apps were using at the time.

I’m almost entirely certain it was leaked via secrets on an HF Space; I got a message a few days ago warning me some of my Spaces were affected.

Are you sure it was only stored in your space secrets? Not variables (which are public) or stored in the .env file (also public).
I searched everywhere for any other leaks of it and found nothing.
I think you can ask Anthropic to provide access data (IP addresses, User Agents, etc.) specific to your key.

Then you can challenge Hugging Face (e.g. paying customer), even sue them if you wish to...

I always thought you could set your "maximum limit" for spending on cloud providing platforms.
That's surprisingly not a thing in many platforms.
That $10k was probably the limit for their work, not someone else’s stolen time.
Anthropic is too new to have built that functionality I guess. Only found out because they were mad that my key was abusing their ToS and they notified the organization owner.
> Anthropic is too new to have built that functionality I guess.

That’s no sort of excuse