Unprotected DeepSeek Database Exposed Chats, Other Sensitive Information

Summary: A security breach at the Chinese AI company DeepSeek exposed sensitive information due to an unprotected database, as revealed by cloud security firm Wiz. The exposure allowed the execution of arbitrary SQL queries that disclosed chat histories, API keys, and other critical data. DeepSeek has since patched the vulnerability but faces scrutiny from various countries over data privacy and security concerns.

Affected: DeepSeek

Keypoints:

  • An unprotected ClickHouse database allowed unauthorized access to sensitive logs and chat messages.
  • Exposed data could have included plaintext passwords, API keys, and proprietary information.
  • DeepSeek’s R1 AI model has also been flagged for vulnerabilities that could endanger user data privacy.
  • Regulatory bodies in Italy and Ireland have begun investigations into DeepSeek’s data protection practices.

Source: https://www.securityweek.com/unprotected-deepseek-database-leaked-highly-sensitive-information/