DeepSeek exposed internal database containing chat histories and sensitive data

DeepSeek fixed an exposed database after Wiz found and reported it.

DeepSeek's database, exposed due to lack of password protection, leaked over a million logs. Wiz discovered and reported the issue, leading to its resolution. It is unclear who accessed the data, besides Wiz, before it was secured. The exposure stemmed from human error, not malicious intent.

Chinese AI company DeepSeek had an exposed back-end database leaking sensitive user data, including chat histories and API keys. The database lacked password protection, allowing open internet access to more than a million unencrypted logs.

Wiz security researchers discovered the vulnerability and informed DeepSeek. The company responded by taking the database offline, but it is uncertain if others accessed the data before it was secured.

Reports from Wired suggest that the leaked chat logs were in Chinese and easily translatable. Misconfigurations like this one are often due to human error rather than malice. DeepSeek has gained viral attention since its launch in December.