DeepSeek, a Chinese AI startup, has faced a significant security breach: an open database was found to expose user chat histories, API keys, and system logs. Security researchers from Wiz discovered the database within just minutes and emphasized that no authentication was needed to access the data. The exposed information included over a million log lines and posed a risk of unauthorized control over DeepSeek's internal systems. DeepSeek quickly secured the database once notified, but concerns remain about whether unauthorized access occurred before the fix, given the ease of discovery.
The exposed information was housed within an open-source data management system called ClickHouse and consisted of more than 1 million log lines.
Researchers stated that the exposure 'allowed for full database control and potential privilege escalation' within DeepSeek's environment.
It's still not clear whether anyone else was able to access the exposed data, though it would be unsurprising, given the ease of discovery.
Wiz's researchers highlighted that DeepSeek's systems are designed similarly to those used by OpenAI, indicating possible vulnerabilities.