DeepSeek's chat history became publicly accessible due to an unsecured ClickHouse database. The flaw was identified by Wiz researchers, who discovered the database was fully open without requiring authentication. This breach exposed over a million log lines, including sensitive user data and API secrets. Despite having resolved the issue, DeepSeek faces reputational damage as the incident underscores the importance of security protocols in widely used applications. Wiz advocates for stronger collaboration between security teams and AI developers to protect user data effectively as AI adoption grows.
This level of access posed a critical risk to DeepSeek's own security and to its end users. Not only could an attacker retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files, along with proprietary information, directly from the server using queries.
Although DeepSeek has solved the issue, the incident has damaged its reputation. Such a security blunder really shouldn't occur in a widely available application.