DeepSeek Suffers Major Data Breach Exposing Sensitive AI Chatbot Data
Chinese AI chatbot provider DeepSeek has suffered a significant data breach. A team of researchers discovered that sensitive data was exposed due to an infrastructure vulnerability in DeepSeek's ClickHouse database setup.
The exposed data includes chat histories, API keys, and operational details of DeepSeek's backend. The database was completely open and unauthenticated, accessible at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000. The vulnerability allowed direct execution of arbitrary SQL queries via a web browser, potentially granting control over the database and privilege escalation.
Researchers from Wiz refrained from executing intrusive queries and limited their actions to enumeration only. Despite this, the exposure of sensitive data raises serious data privacy concerns surrounding DeepSeek's language models (LLMs). Meanwhile, Alibaba has released a new LLM, Qwen 2.5-Max, which claims to outperform DeepSeek's AI models.
The White House and the Italian Data Protection Authority are currently investigating DeepSeek due to these concerns. DeepSeek has yet to comment on the incident. Users of DeepSeek's AI chatbot services should remain vigilant and monitor any unusual activity related to their accounts.
Read also:
- Trump announces Chinese leader's confirmation of TikTok agreement
- SpaceX & T-Mobile Activate Starlink for Hurricane Helene Connectivity
- Hackers Utilize GOLD SALEM to Infiltrate Networks and Evade Security Measures, Deploying Warlock Ransomware
- Strengthening Resistance Against Combined Risks in an Age Characterized by Authoritarian Technology
