Exposed DeepSeek Database Revealed Chat Prompts and Internal Data

DeepSeek Database Leak Exposes User Prompts and Internal Data

A critical security lapse has exposed a vast amount of sensitive data from DeepSeek, a rapidly growing Chinese generative AI platform. Researchers from the cloud security firm Wiz revealed on Wednesday that DeepSeek had left one of its key databases unprotected on the internet, making system logs, user-submitted prompts, and API authentication tokens accessible to anyone who found the database. The exposed records reportedly numbered more than a million.

The leak comes at a time when DeepSeek is experiencing an unprecedented surge in popularity, challenging major AI firms in the United States and prompting concerns about security, data privacy, and ethical issues. However, the company has remained largely unresponsive to media inquiries. According to Wiz researchers, they struggled to reach DeepSeek’s team and resorted to sending disclosure emails to every email address and LinkedIn profile they could find. Within 30 minutes of their outreach, the exposed database was secured, though it remains unclear if any unauthorized parties had already accessed or downloaded the data.

A Major Security Oversight

Ami Luttwak, the Chief Technology Officer of Wiz, called the exposure a “dramatic mistake,” emphasizing how little effort was required to discover and access the unprotected database. “The fact that mistakes happen is correct, but this is a dramatic mistake because the effort level is very low and the access level that we got is very high,” Luttwak said.

Wiz researchers noted that the exposed database appeared to be a ClickHouse database, a commonly used open-source server analytics tool. The records they uncovered included log files detailing users’ interactions with DeepSeek, authentication API keys, and the paths users had taken through the system. The visible user prompts were primarily in Chinese, but the researchers suggested that prompts in other languages may have been included.

Security experts warn that such a vulnerability could have allowed a malicious actor not only to harvest sensitive data but also to move laterally into other DeepSeek systems and potentially execute harmful code. Independent security researcher Jeremiah Fowler, who was not involved in the Wiz investigation, called the exposure “shocking.”

“This type of operational data and the ability for anyone with an internet connection to access it and then manipulate it is a major risk to the organization and its users,” Fowler stated.

Deepening Global Scrutiny

DeepSeek has rapidly gained traction in the AI market, leading to mounting concerns from global regulators and competitors alike. OpenAI is reportedly investigating claims that DeepSeek may have used ChatGPT outputs to train its models, as reported by the Financial Times.

Governments are also taking notice. Italy’s data protection authority recently questioned DeepSeek about its training data sources and whether personal information was included. Following the inquiry, the DeepSeek app appeared to become unavailable for download in the country. Meanwhile, the U.S. Navy has issued an internal warning advising personnel not to use DeepSeek’s services, citing “potential security and ethical concerns.”

Despite the exposure, DeepSeek’s rapid rise has continued to shake up the AI landscape. Its launch has significantly impacted the stock prices of U.S.-based AI firms, underscoring the market’s sensitivity to new AI competitors. However, security lapses like this serve as a stark reminder of the vulnerabilities inherent in cloud-hosted AI technologies.

“AI is the new frontier in everything related to technology and cybersecurity,” said Nir Ohfeld, head of vulnerability research at Wiz. “And still, we see the same old vulnerabilities like databases left open on the internet.”

Previous Article

Tarique Rahman Calls for Fair and Credible Elections in Bangladesh

Next Article

Bangladesh: Leading Economic Growth in Emerging Markets

Write a Comment

Leave a Comment

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter

Subscribe to our email newsletter to get the latest posts delivered right to your email.
Pure inspiration, zero spam ✨