Chinese AI startup DeepSeek witnessed major data breach lately and exposed more than a million sensitive records. The incident was lately revealed by New York-based cybersecurity firm Wiz and it stated that DeepSeek had unintentionally left a database accessible online publicly. The exposed data were sensitive user chat histories, digital software keys, operational details and more.
The breach was due to an unsecured ClickHouse database and it allowed anyone to access internal data without any authentication. The report of Wiz stated that attackers could have exploited the vulnerability to gain full control over DeepSeek system.
DeepSeek quickly secured the database within an hour after Wiz alerted the company, but the breach has left many concerned about the security risks of using AI models. The alert comes at a time when DeepSeek is gaining immense popularity and particularly for its DeepSeek-R1 reasoning model.
Authorities in the US, Italy and Ireland are investigating the way DeepSeek handles personal data and especially given its rising influence and recent success in overtaking OpenAI’s ChatGPT on the Apple App Store.
Experts warn that the rush to scale AI technology can sometimes lead to neglecting basic security measures.
The breach is a reminder to the industry that powerful security measures are to be ensured and it is important for companies to work with AI providers who prioritize security.
