Oh someone's in DeepShi...
China-based AI biz DeepSeek may have developed competitive, cost-efficient generative models, but its cybersecurity chops are another story.
Wiz, a New York-based infosec house, says that shortly after the DeepSeek R1 model gained widespread attention, it began investigating the machine-learning outfit's security posture. What Wiz found is that DeepSeek – which not only develops and distributes trained openly available models but also provides online access to those neural networks in the cloud – did not secure the database infrastructure of those services.
That means conversations with the online DeepSeek chatbot, and more data besides, were accessible from the public internet with no password required.
Wiz researchers found many similarities to OpenAI with their escalated access.
A cloud security firm found a publicly accessible, fully controllable database belonging to DeepSeek, the Chinese firm that has recently shaken up the AI world, "within minutes" of examining DeepSeek's security, according to a blog post by Wiz.
An analytical ClickHouse database tied to DeepSeek, "completely open and unauthenticated," contained more than 1 million instances of "chat history, backend data, and sensitive information, including log streams, API secrets, and operational details," according to Wiz. An open web interface also allowed for full database control and privilege escalation, with internal API endpoints and keys available through the interface and common URL parameters.