DeepSeek has secured a “completely open” database that exposed user chat histories, API authentication keys, system logs, and other sensitive information, according to cloud security firm Wiz. The security researchers said they found the Chinese AI startup’s publicly accessible database in “minutes,” with no authentication required.
DeepSeek database left user data, chat histories exposed for anyone to see
Security researchers say they discovered a database containing sensitive information ‘within minutes.’
Security researchers say they discovered a database containing sensitive information ‘within minutes.’
Image: Cath Virginia / The Verge
is a news writer who covers the streaming wars, consumer tech, crypto, social media, and much more. Previously, she was a writer and editor at MUO.
The exposed information was housed within an open-source data management system called ClickHouse and consisted of more than 1 million log lines. As noted by Wiz, the exposure “allowed for full database control and potential privilege escalation within the DeepSeek environment,” which could’ve given bad actors access to the startup’s internal systems. These findings were first reported by Wired.
DeepSeek “promptly secured” the database after Wiz notified the startup about the issue.
It’s still not clear whether anyone else was able to access the exposed data, but the researchers told Wired, “it wouldn’t be surprising, given how simple it was to discover.” Wiz’s researchers also told the outlet that DeepSeek’s systems are designed similarly to those used by OpenAI, “down to details like the format of the API keys.” OpenAI accused DeepSeek of using its data to train its AI models earlier this week.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
