DeepSeek's Exposed Database Leaks Sensitive Chat Logs and API Keys
2025-01-29
Wiz Research discovered a publicly accessible ClickHouse database belonging to DeepSeek, a Chinese AI startup, exposing over a million log entries containing sensitive information. The exposed database, accessible without authentication, allowed full control and contained chat history, API keys, backend details, and other critical data. Wiz responsibly disclosed the vulnerability to DeepSeek, which quickly remediated the issue. This incident highlights the critical security risks associated with the rapid adoption of AI technologies and the need for robust security practices even for burgeoning startups.
Tech
database security