According to cloud security firm Wiz, DeepSeek has secured an open database that exposed sensitive user data, including chat histories, API authentication keys, and system logs. The researchers discovered the database within minutes, as it lacked any form of authentication.
The unprotected data was stored within an open-source data management system, ClickHouse, containing over one million log lines. Wiz’s security team warned that the exposure provided full database control and could have led to privilege escalation within DeepSeek’s internal systems. Wired first reported the breach.
It remains unclear whether unauthorized parties accessed the exposed information before it was secured. However, Wiz researchers suggested that given how easily it was discovered, it is likely that other individuals may have stumbled upon it. They also noted that DeepSeek’s system architecture closely resembles OpenAI’s, including the format of API keys.
This revelation comes just days after OpenAI accused DeepSeek of using its data to train AI models, raising further concerns about DeepSeek’s security and ethical practices. While the company has since locked down the database, the incident highlights growing concerns over data protection and privacy in the AI industry.
Users are advised to remain cautious when interacting with AI platforms, particularly those with unclear security practices. The situation underscores the need for stronger safeguards in AI-driven services to prevent future data leaks.
Advertisement
