DeepSeek exposed chat history and other sensitive data, security researchers show

In a major security failing, Chinese AI chatbot DeepSeek exposed chat history and other sensitive data in a database accessible without any authentication.

The security researchers who discovered the issue say that the exposure comprised more than a million lines of log entries, including chat history and secret keys …

Earlier today we noted that DeepSeek is under investigation in both Europe and the US over privacy and national security concerns. The app – which still sits at the top of Apple’s App Store – has been removed in Italy after the country’s privacy watchdog expressed concerns, a move likely to be repeated in other countries.

In addition to any risks created by the company’s privacy policies and practices, security researchers have discovered a major security flaw. Wiz Research describes what it found.

Wiz Research has identified a publicly accessible ClickHouse database belonging to DeepSeek, which allows full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams […]

Within minutes, we found [the database] completely open and unauthenticated, exposing sensitive data [including] a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details.  

The problem was that the company had created a ClickHouse database without any authentication at all.

ClickHouse is an open-source, columnar database management system designed for fast analytical queries on large datasets. It was developed by Yandex and is widely used for real-time data processing, log storage, and big data analytics, which indicates such exposure as a very valuable and sensitive discovery. 

It was in one of these datasets, log_stream, that the sensitive data was found.

Wiz couldn’t find a security contact to notify, so ended up having to spam every email address it could find for the company in order to disclose its findings. DeepSeek did subsequently secure the database.
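For anyone running their own ClickHouse server, the misconfiguration described above can be checked for in the user definitions file. The following is an added example, not code from Wiz or DeepSeek: it audits a constructed `users.xml` for accounts with no credential or with network access open to any address. The sample file, the user names and the `audit_users` helper are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample users.xml (not DeepSeek's configuration): "default" has an
# empty password and accepts any source address; "ingest" is restricted.
SAMPLE_USERS_XML = """
<clickhouse>
  <users>
    <default>
      <password></password>
      <networks><ip>::/0</ip></networks>
    </default>
    <ingest>
      <password_sha256_hex>CONSTRUCTED_PLACEHOLDER_HASH</password_sha256_hex>
      <networks><ip>10.0.0.0/8</ip></networks>
    </ingest>
  </users>
</clickhouse>
"""

# Credential elements ClickHouse accepts inside a user definition.
SECRET_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")
EXTERNAL_AUTH_TAGS = ("ldap", "kerberos", "ssl_certificates")
ANY_ADDRESS = {"::/0", "0.0.0.0/0"}

def audit_users(xml_text):
    """Return {user: [findings]} for users open to unauthenticated or unrestricted access."""
    root = ET.fromstring(xml_text)
    findings = {}
    for user in root.findall("./users/*"):
        issues = []
        # A credential element that is present but empty still means "no password".
        has_secret = any((user.findtext(t) or "").strip() for t in SECRET_TAGS)
        has_external = any(user.find(t) is not None for t in EXTERNAL_AUTH_TAGS)
        if user.find("no_password") is not None or not (has_secret or has_external):
            issues.append("no authentication")
        # Only <ip> entries are checked here; <host> and <host_regexp> are not.
        ips = {(ip.text or "").strip() for ip in user.findall("./networks/ip")}
        if ips & ANY_ADDRESS:
            issues.append("reachable from any address")
        if issues:
            findings[user.tag] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_users(SAMPLE_USERS_XML).items():
        print(f"{name}: {', '.join(issues)}")
```

A finding here matters most when the server's `listen_host` setting also binds it to a publicly routable interface.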
