DeepSeek, a Chinese AI company, faced a security incident where an unsecured back-end database exposed sensitive user information, including chat histories and API keys, on the internet. Researchers from Wiz found the vulnerability and informed DeepSeek, prompting swift action to take the database offline. The chat logs were in Chinese and easily translated, raising concerns about data privacy. The incident underscores the dangers of misconfigured systems, often resulting from human errors, rather than malicious attacks. The duration of the exposure and if others accessed the data remain unknown as DeepSeek did not respond to inquiries.
Security researchers at cloud giant Wiz discovered a significant exposure of sensitive information from DeepSeek, which included unencrypted user chat histories and API keys accessible on the open internet.
Despite the alarming breach, it's unclear how long the sensitive data has been exposed or if other third parties accessed the database before being alerted and taken offline.
Collection
[
|
...
]