Summary: A recent security assessment by Wiz Research found that Chinese AI startup DeepSeek exposed two unsecured databases containing sensitive user chat histories, API keys, and operational metadata. The databases were publicly accessible and accepted arbitrary SQL queries without authentication, posing significant risks to DeepSeek’s security and user privacy. DeepSeek has since addressed the exposure, but concerns remain about its overall security practices and the potential for misuse of accessed data.
Affected: DeepSeek, a Chinese AI startup
Keypoints:
- Two databases were publicly accessible, containing over a million log entries with sensitive information.
- Exposed data included user queries, backend system keys, and operational metadata in plaintext.
- Wiz Research reported the exposure, and DeepSeek has since remedied the issue, but implications for user privacy and security measures remain a concern.