“This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details.”
It appears that DeepSeek — the same AI platform that sent tech stocks crashing because it might be better and was definitely cheaper than U.S. AI platforms — could not get basic security right. The Register reports:
China-based AI biz DeepSeek may have developed competitive, cost-efficient generative models, but its cybersecurity chops are another story.
Wiz, a New York-based infosec house, says that shortly after the DeepSeek R1 model gained widespread attention, it began investigating the machine-learning outfit’s security posture. What Wiz found is that DeepSeek – which not only develops and distributes trained openly available models but also provides online access to those neural networks in the cloud – did not secure the database infrastructure of those services.
That means conversations with the online DeepSeek chatbot, and more data besides, were accessible from the public internet with no password required.
Read more at The Register.