Skip to main content

ET CISO: Cybersecurity Experts

simran January 31, 2025
ET CISO: Cybersecurity Experts

DeepSeek’s Sensitive Data Leaked Online Due to Vulnerability

A Chinese AI startup, DeepSeek, has been accidentally leaking sensitive data online, according to a cyber security company. New York-based Wiz claims that it discovered the vulnerability that caused the leak and reported that over a million lines of data, including software keys and user chat logs, were left unsecured.

The Leak

In a blog post, Wiz says that a database belonging to DeepSeek is publicly accessible online and allows full control over database operations, including the ability to access internal data. The company claims that it found a publicly accessible ClickHouse database linked to DeepSeek, completely open and unauthenticated, exposing sensitive data.

Response from DeepSeek

However, according to Wiz CTO Ami Luttwak, DeepSeek responded quickly to the alert and secured the data within an hour. Luttwak stated, "They took it down in less than an hour. But this was so simple to find we believe we’re not the only ones who found it."

Exposed Data

The exposure includes over a million lines of log streams with highly sensitive information. The database contained a significant volume of chat history, backend data, and sensitive information, including log streams, API Secrets, and operational details.

Context

This incident comes on the heels of DeepSeek’s rapid rise to prominence in the AI field. The company’s DeepSeek AI Assistant has gained immense popularity, surpassing even OpenAI’s ChatGPT in App Store downloads. The success has been attributed to the company’s ability to deliver comparable performance to its US rivals at a significantly lower cost, leading to a wipeout of about $1 trillion from US stocks on Monday (January 27).

Published Date and Time

The article was published on January 31, 2025, at 09:41 AM IST.

Related Articles

  • DeepSeek AI Assistant
  • DeepSeek

Subscribe to Our Newsletter

Join the community of 2M+ industry professionals and subscribe to our newsletter to get the latest insights and analysis.

Download ETCISO App

Get Realtime updates and save your favourite articles with our ETCISO App. Available on App Store and Google Play Store.

Scan to Download App

Scan the QR code to download the ETCISO App on your mobile device.


Source Link

Next Post

You May Also Like

WASHINGTON, DC - JANUARY 19: Elon Musk speaks at President-Elect Donald Trump's victory rally at the Capital One Arena on January 19, 2025 in Washington, DC. Trump will be sworn in as the 47th U.S. president on January 20. (Photo by Scott Olson/Getty Images)
Ontario Cancels $100M Starlink Contract Over US TariffsNews

Ontario Cancels $100M Starlink Contract Over US Tariffs

February 3, 2025
Samsung Galaxy S25+ Repair Easier, Teardown Reveals
Samsung Galaxy S25+ Repair Easier, Teardown RevealsTech

Samsung Galaxy S25+ Repair Easier, Teardown Reveals

February 3, 2025
Here is a rewritten title in 50-60 characters max:"Analyst Burnout: An Insider Threat"Alternatively, you could also consider:* "Burnout: The Greatest Insiders' Threat" * "Insider Threat: Analyst Burnout Epidemic" * "Burnout: The Silent Threat to IT Security"Let me know if you'd like me to suggest more options!
Here is a rewritten title in 50-60 characters max:“Analyst Burnout: An Insider Threat”Alternatively, you could also consider:* “Burnout: The Greatest Insiders’ Threat” * “Insider Threat: Analyst Burnout Epidemic” * “Burnout: The Silent Threat to IT Security”Let me know if you’d like me to suggest more options!CyberSecurity

Here is a rewritten title in 50-60 characters max:“Analyst Burnout: An Insider Threat”Alternatively, you could also consider:* “Burnout: The Greatest Insiders’ Threat” * “Insider Threat: Analyst Burnout Epidemic” * “Burnout: The Silent Threat to IT Security”Let me know if you’d like me to suggest more options!

simransimranFebruary 10, 2025

FUSION MAG