Security researchers have found a big depepeek security hole
The generative intelligence platform depesek But with great popularity comes increased control. Analysts with Wiz Research have found a in the security of the software. The survey shows that Deepseek has left one of its critical databases exposed.
This means that anyone who has been on the database will be allowed to access more than one million records, including user data, system registration files, API keys, and even submission prompted. Researchers also note that they have been able to find the database almost immediately, without too much scanning or research.
Breaking: Internal #Depesek database publicly exposed 🚨
Wiz Research discovered "Deepleak" – A publicly available clickHouse database belonging to Deepseek, exposing highly sensitive information, including secret keys, plain chat text, backend details and registration files. pic.twitter.com/c7hztkno3p
– Wiz (@wiz_io) January 29, 2025
“Usually, when we find this type of exposure, it is in some neglected service that takes us hours – hours of scanning,” Nir Opip, Head of Vulnerability Studies in WIZ, S But this time he said, “Here it is at the front door.”
Wiz Research says that a treacherous actor may have used this security hole to access other Deepseek systems, but the company admits that it has only made the basic minimum valuation. This had to confirm its discoveries without further compromising consumer confidentiality. There is also no evidence that someone else has found the database.
WIZ employees did not know exactly how to disclose their discoveries, given that Deepseek was both a new entity and based in China. In the end, researchers sent their findings to each LinkedIn email address and profile they can find. The database was locked within 30 minutes after the mass email.
Deepseek is not the only AI company that has experienced a serious security violation (or two.) Hacker had access to access to As early as 2023 and a Later that year.
“AI is the new border in everything related to technology and cybersecurity,” Opold said. “However, we see the same old vulnerabilities as databases left open on the Internet.”
As mentioned earlier, Deepseek has been giving the world out of a storm over the past week or so. The destructive AI model is believed to have been created for only a few million dollars. Openai passes S This huge financial discrepancy sent the stock market in a queue, with many S
This article originally appeared on Engadget at https://www.engadget.com/ai/security-researchers-found-a-big-hole-in-depesieks-Security-163536961.html?src=ss
English