DeepSeek's AI success is overshadowed by a serious security breach

Jump to First Reply
Posted:
in General Discussion

A massive data leak from AI startup DeepSeek has raised alarms about the security of sensitive user data in the rapidly evolving AI industry.

White whale logo and the word 'deepseek' on a blue gradient background.
DeepSeek AI



Cybersecurity researchers at Wiz recently found a major security lapse at DeepSeek, a Chinese AI startup. The company, known for its DeepSeek-R1 AI model, had left a ClickHouse database exposed -- an oversight with serious consequences.

Over a million log entries, containing chat history, secret keys, and backend details, were left unprotected in the exposed database. Worse, the database allowed full administrative control without authentication, making it a goldmine for potential attackers.

The exposed data included API secrets, internal logs, and even plaintext chat messages, posing a severe risk to both DeepSeek and its users. Wiz researchers responsibly disclosed the issue to DeepSeek, which promptly secured the database.

How the breach was discovered



Wiz's research team identified the issue while analyzing DeepSeek's external security posture. They initially mapped out DeepSeek's internet-facing domains and found several subdomains, most appearing harmless.

However, deeper analysis revealed two unusual open ports -- 8123 and 9000 -- linked to publicly exposed ClickHouse database instances. These instances were completely unprotected, allowing anyone to access and manipulate data without authentication.

Using basic SQL queries through ClickHouse's built-in web interface, Wiz researchers found a table named "log_stream," which contained extensive logs with sensitive information. The logs included timestamps, references to internal DeepSeek API endpoints, and plaintext chat messages, as well as operational metadata.

Code snippet titled Plain-Text chat messages from DeepSeek, with translation about solid rocket boosters' invention, historical development, components, functions, and future developments.
The leak included chat messages. Image credit: Wiz Research



Such unrestricted access could have allowed attackers to extract passwords, local files, and proprietary data.

While the exposure was quickly patched, it raises larger concerns about DeepSeek's infrastructure and the risks tied to its rapid growth.

DeepSeek's rapid rise brings success & security concerns



DeepSeek's data leak comes at a pivotal moment for the company. Despite its security lapse, the AI startup has seen a dramatic rise, topping the U.S. App Store and many others worldwide.

The company's rapid success stems from its ability to deliver high-quality AI responses at a fraction of the cost of Western competitors like OpenAI's ChatGPT. However, the very infrastructure that enabled this growth -- the lightweight, cost-effective model -- also appears to have contributed to its security vulnerabilities.

Given the U.S. government's history of restricting Chinese tech firms like Huawei and TikTok, DeepSeek may face regulatory hurdles if concerns over data security persist.



Read on AppleInsider

Comments

  • Reply 1 of 7
    It’s not so hard to build something, even an improve it, when someone else’s toil has paved the way - and when there are less ethical hurdles to slow you down. 

    But “easy come” is usually followed by “easy go” as they used to say. 

    The main holdup for Apple’s own entry seemed to have been feeding the ai system ethically rather than just stealing/plagiarizing all the data they could find. 

    I seriously doubt this recent offer was put together with any regard whatsoever for ethics. 

    And now, with security issues so army on… no thanks. 
    edited January 30
    ronn
     1Like 0Dislikes 0Informatives
  • Reply 2 of 7
    Pemapema Posts: 206member
    This is just more sore loser talk. Isn't all user data compromised in Generative AI? I mean, where are the hangers full of data coming from? User data - like you and me. 
    ronn9secondkox2
     0Likes 2Dislikes 0Informatives
  • Reply 3 of 7
    MacPromacpro Posts: 19,864member
    I wonder if DeepSeek pissed someone off ... oh wait...
    9secondkox2
     0Likes 1Dislike 0Informatives
  • Reply 4 of 7
    It’s not so hard to build something, even an improve it, when someone else’s toil has paved the way - and when there are less ethical hurdles to slow you down. 


    Yes, that's what I always think about the US, that eventually droped it's ethics concerns and had their German 'prisoners'  build rockets to go into space and later on the moon. *sarkasm off*

    Seriously EVERY 'new' invention is build on the shoulders of the scientists/researchers/inventors that came before ... and not all those inventions were used for purely ethical reasons.
    muthuk_vanalingam9secondkox2
     1Like 1Dislike 0Informatives
  • Reply 5 of 7
    tundraboytundraboy Posts: 1,919member
    It’s not so hard to build something, even an improve it, when someone else’s toil has paved the way - and when there are less ethical hurdles to slow you down. 


    Yes, that's what I always think about the US, that eventually droped it's ethics concerns and had their German 'prisoners'  build rockets to go into space and later on the moon. *sarkasm off*

    Seriously EVERY 'new' invention is build on the shoulders of the scientists/researchers/inventors that came before ... and not all those inventions were used for purely ethical reasons.
    Yup, luckily, the US's Nazi rocket scientists were better than the Soviet's Nazi rocket scientists.
    9secondkox2
     0Likes 1Dislike 0Informatives
  • Reply 6 of 7
    I saw something on reddit this morning, someone asked the deepseek AI, what politician looked like Winnie The Pooh.  It Queried and then began giving its answer. Once it said Chinese President … it failed and asked for a new topic. 
    ronn
     1Like 0Dislikes 0Informatives
  • Reply 7 of 7
    ronnronn Posts: 702member
    I saw something on reddit this morning, someone asked the deepseek AI, what politician looked like Winnie The Pooh.  It Queried and then began giving its answer. Once it said Chinese President … it failed and asked for a new topic. 
    I saw someone making statements and deepseek AI agreeing with it. That's until the statement "Taiwan is an independent nation" resulted in deepseek AI turning it to "Taiwan is a part of China." Welp! 
     0Likes 0Dislikes 0Informatives
Sign In or Register to comment.