Monday, February 17, 2025

Sensitive DeepSeek Data Exposed Online

Date:


Cloud security firm Wiz finds sensitive data from AI start-up DeepSeek exposed online, after chatbot emerges into spotlight

Chinese AI start-up DeepSeek left a database containing sensitive security information exposed on the open internet, said security firm Wiz.

The exposed database contained system logs, user prompt submissions, and users’ API authentication tokens, totalling more than 1 million lines of data, Wiz said in an advisory.

It said the data had been discovered “within minutes” with minimal scanning, indicating DeepSeek had apparently made no effort to secure it.

“This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details,” Wiz said in its advisory.

Liang Wenfeng, right, founder of AI chatbot start-up DeepSeek, pictured in January 2025. Image credit: CCTV

Data leak

“More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defence mechanism to the outside world.”

The company said that it was likely others had seen the same exposed data, raising concerns that attackers could have moved further into the start-up’s systems before the issue was resolved.

Wiz said it initially was uncertain how to contact DeepSeek, a one-year-old firm which reportedly has no public relations staff.

It finally sent information about the issue to every DeepSeek email and LinkedIn profile it could fine connected to the firm.

Wiz said it received no response, but that the breach was resolved within half an hour of its communications.

The data was found in a ClickHouse database, a type of open source database often used for data analytics, Wiz said.

Security questions

The user prompts Wiz viewed were in Chinese, but there could have been others in additional languages, the company said.

DeepSeek rattled world markets on Monday after its AI chatbot app rose to the top of Apple’s iPhone download charts in the US and elsewhere.

The company’s success raised questions for investors around tech companies’ massive AI investments and spurred a $1 trillion (£800bn) market rout.

The start-up says its chatbot surpasses the performance of models from OpenAI, Anthropic and others, but was developed for a fraction of the price.

Western authorities have raised concerns about the security and privacy of the app, with the US Navy telling staff in an email not to use DeepSeek “in any capacity” due to “potential security and ethical” issues.



Source link

Share post:

spot_img

Popular

More like this
Related

Apple’s foldable iPhone: New leaks reveal unique hinge design, camera setup, expected release

Apple has long kept its foldable iPhone plans...

Creating Personalized Experiences with ChatGPT API: Unlocking Potential with MNAPI

In recent years, artificial intelligence (AI) has revolutionized the...

Vivo T4x 5G to Launch in India Soon; Price Range, Availability Confirmed

Vivo T4x 5G has been teased to launch...