DeepSeek’s Exposed Database Leaks Sensitive User Information

Summary: Wiz Research identified a major security vulnerability in DeepSeek, a Chinese AI startup, that exposed an unauthenticated database containing over a million log entries, including sensitive user information. The database was accessible via two URLs, allowing unauthorized access to critical data such as chat histories, API keys, and internal operations details. After disclosure, DeepSeek swiftly took action to secure the exposed data, highlighting the need for enhanced security measures in AI technologies.

Affected: DeepSeek, a Chinese AI startup

Key points:

  • Exposed ClickHouse database was accessible without authentication through two URLs.
  • Data included sensitive information such as chat histories, API keys, and internal operations details.
  • The vulnerability allowed full database control, risking data exfiltration and privilege escalation.
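
For defenders running their own ClickHouse, the following is an added example (not from the source article or from Wiz or DeepSeek) that audits configuration for the condition described above: an account with no authentication that is reachable from any address. The sample XML is constructed, and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs for illustration (not DeepSeek's actual settings).
WEAK_USERS = """<clickhouse><users><default>
  <password></password>
  <networks><ip>::/0</ip></networks>
</default></users></clickhouse>"""
HARDENED_USERS = """<clickhouse><users><default>
  <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
  <networks><ip>10.0.0.0/8</ip></networks>
</default></users></clickhouse>"""
WEAK_SERVER = "<clickhouse><listen_host>::</listen_host></clickhouse>"

# Elements that carry a credential value, and elements that delegate auth.
# The delegated list is not exhaustive.
SECRET_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")
DELEGATED_TAGS = ("ldap", "kerberos", "ssl_certificates")

def matches_everything(cidr):
    """True when an <ip> entry such as ::/0 or 0.0.0.0/0 admits any client."""
    try:
        return ipaddress.ip_network(cidr.strip(), strict=False).prefixlen == 0
    except ValueError:
        return False

def audit_users(users_xml):
    """Return (user, issue) pairs for passwordless or world-reachable accounts."""
    findings = []
    users = ET.fromstring(users_xml).find("users")
    for user in (list(users) if users is not None else []):
        has_secret = any((user.findtext(t) or "").strip() for t in SECRET_TAGS)
        delegated = any(user.find(t) is not None for t in DELEGATED_TAGS)
        if user.find("no_password") is not None or not (has_secret or delegated):
            findings.append((user.tag, "no authentication"))
        if any(matches_everything(ip.text or "") for ip in user.findall("networks/ip")):
            findings.append((user.tag, "allowed from any address"))
    return findings

def wildcard_listeners(server_xml):
    """Return listen_host values that bind every interface (:: or 0.0.0.0)."""
    found = []
    for host in ET.fromstring(server_xml).findall("listen_host"):
        try:
            if ipaddress.ip_address((host.text or "").strip()).is_unspecified:
                found.append(host.text.strip())
        except ValueError:
            pass  # hostnames and empty values are not wildcard binds
    return found
```

An account flagged for both issues on a server that also has a wildcard listener matches the exposure pattern in the key points and should be treated as urgent.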

Source: https://securityonline.info/deepseeks-exposed-database-leaks-sensitive-user-information/