"In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed "full control over database operations, including the ability to access internal data", Wiz Research stated, with more than a million lines of log streams involved, containing chat history, secret keys and more."
"Data leakage is a broad concept, covering a range of scenarios. As IBM notes, the term in general refers to a scenario where "sensitive information is unintentionally exposed to unauthorized parties". It could be intentional or unintentional. On the intentional side, for instance, hackers could use phishing or social engineering techniques to manipulate an organization's employees into exposing their personal data."
In January 2025, Wiz Research discovered a publicly accessible ClickHouse database belonging to DeepSeek that exposed more than one million log streams. The exposure granted full control over database operations and exposed chat histories, secret keys and other sensitive internal data. Wiz Research reported the finding and DeepSeek quickly secured the database. Data leakage refers to sensitive information unintentionally exposed to unauthorized parties. Leakage can be intentional through phishing, social engineering or malicious insiders, or unintentional through human error like misdirected emails. Common vectors include misconfigured cloud storage and vulnerable endpoints such as unencrypted laptops or removable media.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]