DeepSeek, a China-based AI company known for its cost-efficient generative models, faced scrutiny over its cybersecurity practices. Wiz, a New York-based cybersecurity firm, discovered that DeepSeek's database infrastructure was not secured, revealing an unprotected ClickHouse database accessible without authentication. This exposure led to sensitive data leaks, including chat logs, API secrets, and operational metadata. Researchers highlighted that the vulnerabilities allowed external attackers to access and potentially exploit sensitive information, emphasizing the importance of cybersecurity in tech companies.
Within minutes, we found a publicly accessible ClickHouse database linked to DeepSeek, completely open and unauthenticated, exposing sensitive data.
This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details.
Collection
[
|
...
]