
Wiz Research has uncovered a significant security vulnerability involving Chinese AI startup DeepSeek. The AI database exposed during this breach contained sensitive information, including user chat history, secret keys, and critical backend data. Hosted on DeepSeek's own domains, the database was left unprotected, accessible without any authentication, allowing unauthorized individuals to view and manipulate the data.
Major security gaps revealed
The DeepSeek data leak revealed over a million log entries, which included valuable information such as user interactions, API keys that could grant access to DeepSeek’s internal systems, and detailed backend information on how its AI models functioned. Operational metadata, detailing the deployment and performance of DeepSeek’s AI services, was also found in the exposed database.
Alarmingly, the AI security breach allowed full administrative access, meaning that malicious actors could read, modify, or delete sensitive data. This data breach highlights the significant risks startups in the sector face when basic security protocols are overlooked.
The breach was discovered when security researchers at Wiz Research scanned DeepSeek’s public-facing systems and identified unusual open ports that led them to the unprotected database. Upon realizing the severity of the sensitive data leak, Wiz Research promptly reported the issue to DeepSeek, which acted swiftly to secure the database and prevent further unauthorized access.
Rising security concerns in the AI sector
This incident underscores the growing AI security risks in the rapidly developing artificial intelligence industry. While companies like DeepSeek continue to innovate with cutting-edge models, such as DeepSeek-R1, they must not overlook the need for robust data protection measures.
The AI security breach raises critical questions about how AI companies are securing their systems, especially as AI services become more integral to business operations worldwide. As the industry evolves, safeguarding user data must be a priority to prevent future leaks that could damage reputation and user trust.