The popular DeepSeek AI has been hit by a security flaw.
A database belonging to DeepSeek’s ClickHouse has been leaked, exposing sensitive data to unauthorized parties. The database leak included over 1 million log lines.
The log streams included AI chat history, secret keys, backend data, API secrets, and operational metadata. The data was discovered within minutes by cybersecurity firm Wiz Research.
The leak was a security flaw that could have allowed an attacker to gain full control of the database and potentially access other DeepSeek systems. There’s no evidence that anyone else had access to the flaw.
Wiz also struggled to publicize his discovery. DeepSeek is a relatively new company, founded just last year and based in China. That’s why he sent out a notice to every email address and LinkedIn profile he found that had been compromised.
The database was reportedly locked down within half an hour of the emails being sent. DeepSeek is not the only AI company to have experienced a cybersecurity breach. Hackers also gained access to OpenAI’s internal messaging logs in 2023.
DeepSeek has said it is currently unable to use the software in Italy because it has requested information from data protection authorities about how it collects and trains data.