DeepSeek, a Chinese AI startup behind the groundbreaking DeepSeek-R1 reasoning model, has been rocked by a sensitive data leak exposed through a publicly accessible database. Wiz Research has identified a vulnerable ClickHouse database linked to DeepSeek, which allowed full control over operations and access to internal data.
The exposure includes over 1 million lines of log streams with chat history, secret keys, backend details, and other highly sensitive information. The Wiz Research team immediately and responsibly disclosed the issue to DeepSeek, which promptly secured the vulnerability.
The incident highlights the urgent need for organizations to prioritize security when adopting AI tools and services from startups. As the adoption of AI accelerates, security teams must work closely with engineers to ensure visibility into architecture, tooling, and models being used.
The exposed database contained a significant volume of chat history, backend data, and sensitive information, including log streams, API Secrets, and operational details. The lack of authentication and defense mechanisms on the publically accessible ClickHouse database made it an attractive target for potential attackers.
Key takeaways from this incident include:
– Rapid AI adoption without corresponding security can be inherently risky.
– Basic risks, such as accidental external exposure of databases, pose significant threats to organizations handling sensitive data.
– Ensuring visibility into architecture and tools used is crucial to safeguarding data and preventing exposure.
As the industry continues to integrate AI deeply into businesses worldwide, it’s essential that security teams prioritize data protection and adopt a proactive approach to detecting vulnerabilities like this one.
Source: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak