Clik here to view.
Clik here to view.
The days of celebration may have come to a sudden halt for DeepkSeek, as multiple reports have surfaced with evidence of data leaks. The company shot to fame for launching a cost-effective AI chatbot on par with OpenAI’s ChatGPT. Here’s all you need to know.
Critical Security Flaw Discovered by the US-based Research Company
On January 30 2025, Wiz Research, an American cloud security startup, flagged a major security vulnerability in DeepSeek’s database management for its AI chatbot.
As DeepSeek, the China-based AI company, has been garnering praise after it launched an economic AI system rivalling OpenAI’s o1 in performance, the cybersecurity company decided to evaluate its security status and identify any potential vulnerabilities.
After digging, they spotted a publicly accessible ClickHouse database linked to DeepSeek, which was not authenticated by any security measures and could expose multiple sensitive data.
Wiz Research describes the ClickHouse database as, “an open-source, columnar database management system designed for fast analytical queries on large datasets. It was developed by Yandex and is widely used for real-time data processing, log storage, and big data analytics, which indicates such exposure as a very valuable and sensitive discovery.”
This database stored a significant amount of chat history, backend data and sensitive information, including log streams, API secrets, and operational details.
Most importantly, this vulnerability would allow full database control and potential privilege escalation within the DeepSeek environment with no safeguard. Potential privilege escalation is when an attacker exploits a security vulnerability in your environment or infrastructure to gain higher access and control within a system or network.
Various Other Agencies Raised Concerns Over DeepSeek’s Database Management
A few days ago, the Italian Data Protection Agency, Grata, also launched an investigation seeking answers from DeepSeek on its use of sensitive data. Given the risk, the agency has inquired about Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, and the companies overseeing the DeepSeek chatbot service to get deeper into the issue.
Questions like what personal data are collected, the sources used, the purposes pursued, the legal basis of the processing, and whether such data are stored on servers located in China, were asked.
The AI-based company has been given 20 days to produce its stance before the agency. But in the meantime, the app has been removed from both Apple and Google app stores in the country. It is unclear whether both companies took down the app at the request of the Italian Government or DeepSeek pulled the plug at its discretion.
Moreover, according to multiple sources, the US Navy issued an advisory ordering shipmates not to use DeepSeek AI “in any capacity” due to “potential security and ethical concerns associated with the model’s origin and usage.”
These steps make sense when we consider DeepSeek’s privacy policy as it has been highlighted in the document that they can retain information “for as long as necessary to provide services and for the other purposes set out in this Privacy Policy.” You can check its entire privacy policy here. We shall see how this progresses and if the new AI tool is a threat. So, stay tuned for further updates.
The post DeepSeek AI Database Leak May Have Exposed Sensitive User Data appeared first on MySmartPrice.