Chinese AI Chatbot DeepSeek Exposes Sensitive User Data in Major Security Breach

Summary of DeepSeek Security Breach

• Major Security Failure: Chinese AI chatbot DeepSeek exposed a database containing over a million lines of log entries, including chat history and secret keys, due to lack of authentication.
• Discovery by Wiz Research: Security researchers from Wiz Research found the publicly accessible ClickHouse database, which allowed full control over internal data operations.
• Sensitivity of Exposed Data: The exposed data included chat logs, backend information, API secrets, and operational details, raising significant privacy concerns.
• Disclosure Issues: Wiz Research had difficulty finding a security contact at DeepSeek, leading them to spam multiple email addresses to disclose the vulnerability.
• Immediate Action by DeepSeek: Once informed, DeepSeek secured the database.
• Ongoing Investigations: The company is under investigation in both Europe and the US over privacy and national security concerns.
• App Store Removal in Italy: DeepSeek has been removed from the App Store in Italy following actions by the country’s privacy watchdog. This move may be replicated in other countries.
• Market Impact: AAPL stock increased by 3% on news of DeepSeek's issues, while other tech stocks declined.