https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
DeepSeek, a Chinese AI startup, has suffered a significant data breach, exposing sensitive user data and internal information.
Two publicly accessible databases containing over a million log entries were discovered by security researchers at Wiz. These databases held critical information, including:
- User Chat History: Plaintext conversations between users and the DeepSeek-R1 LLM.
- API Keys: Credentials used for backend system authentication.
- Internal Infrastructure Details: Information about DeepSeek’s internal services and operations.
The exposed data poses significant risks, including privacy violations for users and potential for attackers to gain unauthorized access to DeepSeek’s systems.
While DeepSeek has addressed the immediate issue, the incident raises concerns about the company’s data security practices and highlights the importance of robust security measures for AI companies handling sensitive user data.