DeepSeek database with private data and chat logs was exposed to the internet
Chinese AI DeepSeek is incredibly popular right now, but you should be careful about handing it any of your private data.
Researchers over at Wiz reported on Wednesday that they identified a publicly accessible database belonging to DeepSeek, which in turned allowed anyone to access DeepSeek's internal data.
This data included chat logs, secret keys, and other sensitive information, Wiz claims. The text was in Chinese, but that's hardly an issue these days when anyone can use machine translation to translate it.
Upon its discovery, Wiz promptly disclosed the issue to DeepSeek, which fixed the error. However, it's the type of security flaw that should make you think twice before you use DeepSeek for anything that requires you to hand over even remotely sensitive data.
The details describing the issue are on Wiz's blog, but it boils down to DeepSeek using a ClickHouse database which was accessible without any authentication. Anyone who found this database could have executed an SQL query to get access to more than 1 million log entries, with timestamps, chat logs in plain text, and other metadata that a malicious hacker could've use to extract sensitive information belonging to DeepSeek users.
DeepSeek didn't publicly comment on the issue, and it's unclear whether this security flaw was abused by a third party before Wiz found out about it.
We've contacted DeepSeek about this issue and will update this article when we hear back.
Chinese AI lab DeepSeek has gotten an enormous amount of attention since it launched the latest version of its LLM, DeepSeek R1, earlier in January. DeepSeek R1 beats the best LLMs from U.S. companies, including those from OpenAI, in several key benchmarks, while reportedly being trained with significantly fewer resources. The company's iOS app quickly rose to the top of Apple's App Store, and its launch caused chaos in the U.S. stock market, shaving hundreds of billions off of Nvidia's market cap as the market suddenly anticipated weaker demand for Nvidia hardware.
Since then, several researchers pointed out security weaknesses and privacy issues in the way DeepSeek processes and stores user data.