DeepSeek data breach overview:
- Who: Cybersecurity firm Wiz claims it found sensitive data belonging to the Chinese AI startup DeepSeek exposed on the internet.
- Why: Wiz says it believes DeepSeek AI left more than a million lines of data unsecured.
- Where: DeepSeek is based in China; Wiz is based in New York.
A cybersecurity firm says a cache of sensitive data from Chinese artificial intelligence startup DeepSeek has inadvertently been exposed online.
Wiz, a New York-based cybersecurity firm, said in a blog post late last month that scans of DeepSeek’s infrastructure showed the company accidentally left more than a million lines of data unsecured.
The information exposed in the apparent DeepSeek data breach included a “significant” volume of chat history, backend data and sensitive information — including log streams, API Secrets and operational details, according to Wiz.
Ami Luttwak, chief technology officer of Wiz, said DeepSeek promptly secured the exposed data after the cybersecurity firm alerted it to the breach, reports Reuters.
“They took it down in less than an hour,” Luttwak said, as reported by Reuters. “But this was so simple to find we believe we’re not the only ones who found it.”
DeepSeek reportedly did not immediately return a message from Reuters seeking comment.
DeepSeek has quickly become major player in AI space
DeepSeek’s rapid rise following the launch of its AI assistant has generated excitement in China and concern in the United States, reports Reuters.
The Chinese startup has reportedly already surpassed its U.S. rival ChatGPT in downloads from the Apple App Store, triggering a global selloff in tech shares.
Wiz said it discovered the data breach after it set out to assess DeepSeek’s “external security posture” and identify “any potential vulnerabilities” as the startup “made waves” in the AI space.
“Within minutes, we found a publicly accessible ClickHouse database linked to DeepSeek, completely open and unauthenticated, exposing sensitive data,” Wiz wrote.
The cybersecurity firm said the data breach provided full database control and potentially even “privilege escalation” within DeepSeeks environment without the need for any authentication or “defense mechanism to the outside world.”
In other AI news, a group of visual artists filed a class action lawsuit against Alphabet Inc. and its subsidiary Google last year over claims the companies trained their AI software using datasets containing copyrighted images.
Are you concerned about the DeepSeek data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
7 thoughts onDeepSeek data exposed online, Wiz says
Add me, I’ve used deepseek, or where and how can I sign up for the claim?
Please add me
I want to know if I’m eligible.
Add me
oh nooooo, add me
I downloaded Deepseek and am concerned my sensitive info was compromised
Add me