Source URL: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
Source: Hacker News
Title: Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
Feedly Summary: Comments
AI Summary and Description: Yes
**Summary:** The text discusses a critical security vulnerability identified in DeepSeek’s publicly accessible ClickHouse database, which exposed sensitive information related to AI operations. Wiz Research’s responsible disclosure of an unprotected database emphasizes the importance of foundational security measures in the fast-evolving AI domain.
**Detailed Description:**
– Wiz Research discovered a vulnerable ClickHouse database linked to DeepSeek, a Chinese AI startup, highlighting the potential risks inherent in early-stage AI infrastructure.
– The publicly accessible database was completely unprotected, allowing anyone to access and manipulate sensitive data, including:
– Over a million log entries containing chat history, API secrets, and backend information.
– Full control over database operations without any form of authentication.
– The exposure was uncovered through reconnaissance techniques, which revealed two open ports on commonly used hosts, leading to the ClickHouse database. This database is significant for:
– Enabling fast analytical queries on large datasets, it is often used for real-time data processing and analytics.
– Specific findings from the data included:
– **Log Stream Contents:**
– Time-stamped logs from early 2025.
– Internal API endpoint references, plaintext logs, and metadata exposing the origin of requests.
– The lack of security measures poses a danger not just to DeepSeek but to its users, making sensitive data such as passwords vulnerable to exfiltration through simple SQL queries.
– Key takeaways emphasize:
– The necessity of maintaining robust security practices even as organizations rush to adopt cutting-edge AI technologies.
– AI applications often overlook basic security principles, jeopardizing customer data.
– Security teams need to collaborate closely with AI developers to ensure visibility into the infrastructure supporting AI applications, which is essential for safeguarding sensitive information.
– The report stresses that AI technology adoption is accelerating faster than any past technology, revealing that many startups lack the necessary security frameworks, leading to increased risks in handling sensitive data.
– In conclusion, the industry must prioritize security and implement stringent measures similar to those required across public cloud providers to protect against foundational vulnerabilities.