Sensitive DeepSeek Data Was Exposed to the Web, Cybersecurity Firm Says (reuters.com) 9
An anonymous reader shared this report from Reuters:
New York-based cybersecurity firm Wiz says it has found a trove of sensitive data from the Chinese artificial intelligence startup DeepSeek inadvertently exposed to the open internet. In a blog post published Wednesday, Wiz said that scans of DeepSeek's infrastructure showed that the company had accidentally left more than a million lines of data available unsecured.
Those included digital software keys and chat logs that appeared to capture prompts being sent from users to the company's free AI assistant.
Wiz's chief technology officer tells Reuters that DeepSeek "took it down in less than an hour" after Wiz alerted them.
"But this was so simple to find we believe we're not the only ones who found it."
Those included digital software keys and chat logs that appeared to capture prompts being sent from users to the company's free AI assistant.
Wiz's chief technology officer tells Reuters that DeepSeek "took it down in less than an hour" after Wiz alerted them.
"But this was so simple to find we believe we're not the only ones who found it."
Highlights the need to run DeepSeek locally (Score:1)
Interesting (and not entirely surprising) data leak from DeepSeek. Between this and the inherent risk of any Chinese company having its data accessible by the CCP, it really highlights the need for users to take control of their AI interactions.
The good news is, DeepSeek can be run on your own hardware. For those concerned about data privacy and security (and frankly, who isn't?), running DeepSeek locally is a very viable option. The instructions aren't even that daunting, check out https://unsloth.ai/blog/
FUD in full force (Score:1)
There sure seems to be a remarkable urge to find problems with DeepSeek. Wonder why?
See, this is how you know Melonia Musk is a fraud, he would be doing this to his targets if he only could.
Re: (Score:2)
You really need to seek psychiatric help my friend. This obsession will not end well for you.
Re: FUD in full force (Score:2)
Because any tech that comes out of China needs extra scrutiny. This isn't FUD, China is an adversary to the west, not an ally.
Wonder if they're using MongoDB? (Score:2)
I hear it's web scale.
And now do all the others (Score:2)
Yep, they are larger and hence harder to scan. But do you really think they have better security?
when did it become acceptable to scan someones... (Score:2)
when did it become acceptable to scan someone's infrastructure without permission? I mean, I get it's publicly accessible, but from my history on the subject, you still need permission and scope from them before you are supposed to be doing any scans? Even if it is a misconfiguration scan (most are active attacks probing for those misconfigurations)... which I highly doubt this was limited to.