As nifty and attention-garnering as the Chinese AI chatbot DeepSeek may be, it may also come with some security concerns.
A group known as Wiz Research has discovered an issue wherein more than a million lines of log entries were exposed within DeepSeek. The entries included chat histories and secret keys. For its part, DeepSeek is currently under investigation in both Europe and the US over privacy and national security concerns. The app – which still sits at the top of Apple’s App Store – has been removed in Italy after the country’s privacy watchdog expressed concerns, a move likely to be repeated in other countries.
Per Wiz Research’s notes:
“Wiz Research has identified a publicly accessible ClickHouse database belonging to DeepSeek, which allows full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams […]
Within minutes, we found [the database] completely open and unauthenticated, exposing sensitive data [including] a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details.”
The problem was that the company had created a ClickHouse database without any authentication at all.
ClickHouse is an open-source, column-based database management system designed for fast analytical queries on large data sets. The technology was developed by Yandex and is used for real-time data processing, log storage, and big data analytics.
It was in one of these datasets, log_stream, that the sensitive data was found.
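A defender-side check for the misconfiguration described above, as an added example that is not code from Wiz Research or DeepSeek: it audits a ClickHouse users.xml file for accounts that need no credential or that accept connections from any address. The sample config, the ingest user and the function names are constructed for illustration, and the page does not say how DeepSeek's instance was actually configured.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Constructed sample, not DeepSeek's configuration: one open account, one restricted.
SAMPLE_USERS_XML = """<clickhouse><users>
  <default>
    <password></password>
    <networks><ip>::/0</ip></networks>
  </default>
  <ingest>
    <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
    <networks><ip>10.0.0.0/8</ip></networks>
  </ingest>
</users></clickhouse>"""

# users.xml elements that hold a password, and elements that delegate authentication
PASSWORD_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")
EXTERNAL_AUTH_TAGS = ("ldap", "kerberos", "ssl_certificates")

def has_credential(user):
    """True if the account requires a password or an external authenticator."""
    if user.find("no_password") is not None:
        return False
    if any(user.find(tag) is not None for tag in EXTERNAL_AUTH_TAGS):
        return True
    return any((user.findtext(tag) or "").strip() for tag in PASSWORD_TAGS)

def is_open_network(user):
    """True if the account accepts connections from any source address."""
    ips = [e.text.strip() for e in user.findall("networks/ip") if e.text]
    hosts = user.findall("networks/host") + user.findall("networks/host_regexp")
    if not ips and not hosts:
        return True  # assumption of this audit: no declared restriction is flagged for review
    return any(ipaddress.ip_network(ip, strict=False).prefixlen == 0 for ip in ips)

def audit_users(xml_text):
    """Map each risky user name to the list of problems found."""
    findings = {}
    for user in ET.fromstring(xml_text).findall("users/*"):
        issues = []
        if not has_credential(user):
            issues.append("no password or external authentication")
        if is_open_network(user):
            issues.append("accepts connections from any address")
        if issues:
            findings[user.tag] = issues
    return findings

if __name__ == "__main__":
    print(audit_users(SAMPLE_USERS_XML))
```

An account that appears with both findings is the combination the Wiz quote describes as "completely open and unauthenticated".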
Stay tuned for additional details as they become available.
Via 9to5Mac and Wiz Research