DeepSeek security disaster! Over 1 million pieces of data leaked, API keys, and user conversation records all exposed

The rapid rise of AI models published by Chinese AI startup DeepSeek this week has also brought more follow-up to the service, but Wiz Research, a New York-based cloud security company, reported on Thursday that DeepSeek exposed a critical database to the network, leaking more than 1 million records, including system logs, API authentication keys and user chat logs. (Synopsis: OpenAI angrily accuses DeepSeek of infringement creator acid reflux: the biggest thief shouts to catch the thief, the US Navy orders to ban DeepSeek) (Background supplement: OpenAI has obtained evidence of "DeepSeek infringement", stealing GPT distillation technology to train Chinese AI) The AI model published by Chinese AI startup DeepSeek has become popular recently, but it has also triggered follow-up from regulators and governments around the world. OpenAI has accused DeepSeek of infringement, and the U.S. Navy has ordered a complete ban on DeepSeek, citing safety and moral risks, to question whether its privacy, censorship mechanisms, and Chinese background pose a national security risk. DeepSeek's millions of data breaches Wiz Research, a New York cloud security company, released a report on Thursday that the company scanned a publicly accessible database on DeepSeek and found that DeepSeek accidentally leaked more than 1 million pieces of unprotected data, including system logs, API authentication keys, and chat logs, seemingly obtained from messages sent by users to DeepSeek. The study showed that anyone who found the database could freely access the data, and Wiz co-founder Ami Luttwak revealed that the data was quickly protected after the company warned DeepSeek: They removed the data in less than 1 hour... But this information is so easy to find, I believe we are not the only ones who find it. Wired reports that databases exposed to the open web and accessible to anyone have been a long-standing problem that enterprises and cloud service providers have grappled with, but the Wiz researchers emphasize that the DeepSeek database they found is almost immediately visible and can be found with just the most basic scans. The researchers found that the data appeared to be housed in the ClickHouse database, a common Open Source database that is often used for server analysis, and the leaked data also coincided with this, including records of users' actions on the DeepSeek platform, instructions entered, and API keys used for authentication. Nir Ohfeld, Wiz's head of security vulnerability research, said that usually when the company finds such vulnerabilities, it is in some neglected service that takes hours to scan to find, but this time it is completely different, DeepSeek's database is almost in front of you: The technical difficulty of finding this vulnerability is minimal. Wiz researchers perform minimal data analysis, but they speculate that malicious attackers, if they have access to this data, could even exploit the vulnerability to further infiltrate other systems at DeepSeek or even perform remote code attacks. Wiz CTO Ami Luttwak points out that this shows that DeepSeek's service is not yet mature enough to be used for any sensitive data, and errors are inevitable, but this one is serious because the company can gain access at such a high level with little effort. Related reports Deepseek R1 opens up the "new era of DeFAI", what new path has emerged between Open Source and AI agents? DeepSeek launches AI multimodal open source model "Janus-Pro", image generation crushes DALL-E 3, Stable Diffusion DeepSeek forms a dimensionality reduction blow to the encryption AI track, which projects are worth following under the general decline? 〈DeepSe explosion capital security disaster! More than 1 million data leaks, API keys, user conversation records all look at the light" This article was first published in BlockTempo "Dynamic Trend - The Most Influential Block Chain News Media".