Skip to main content
  1. Home
  2. Computing
  3. News

Over a million lines of DeepSeek chat history were exposed in just a few minutes

By
DeepSeek AI running on an iPhone.
The home page chat interface of DeepSeek AI. Nadeem Sarwar / Digital Trends

Cybersecurity researchers from Wiz have found a ClickHouse database owned by Chinese AI start-up DeepSeek containing over a million lines of chat history and sensitive information. The database was publicly accessible and allowed the researchers full control over database operations.

The exposure was quickly secured after Wiz shared its discovery with DeepSeek, but it’s possible that information could have already been exposed. Research of this kind doesn’t pry too far into the databases it finds for ethical reasons, but Wiz concluded that an attacker could potentially escalate their privileges within the DeepSeek environment and retrieve sensitive logs, chat messages, passwords, and local files — all without needing any kind of authentication.

Screenshot from Wiz research into DeepSeek security.
Wiz / Wiz

Wiz targeted the start-up due to the recent media buzz around its R1 reasoning model, with the goal of assessing its external security. Somewhat shockingly, the ClickHouse database turned up after just a few minutes of basic searches and Wiz was able to interact with it through ClickHouses’s HTTP interface.

Recommended Videos

From there, all the researchers had to do was run a SHOW TABLES; query, and a list of accessible datasets appeared, including the “log_steam” table that included the many lines of sensitive information.

In its report, Wiz warns about the speed of AI adoption and how this pressure to develop, release, and integrate AI products as quickly as possible can lead to dangerous security practices. With all of the important and sensitive data that AI programs are now handling, the industry needs to enforce robust security practices that match those of public cloud providers and major infrastructure providers.

Editors’ Recommendations

Topics
Willow Roberts
Willow Roberts
Computing Writer
Willow Roberts has been a Computing Writer at Digital Trends for a year and has been writing for about a decade. She has a…
Nvidia to expand RTX 50-series with more GPUs for budget gamers
Side view of the RTX 4060

Recent filings with the Eurasian Economic Commission (EEC) by popular GPU manufacturer Zotac (spotted by @harukaze5719 on X), have unveiled potential new additions to Nvidia's RTX 50-series lineup - the RTX 5050, RTX 5060, and RTX 5060 Ti. These registrations suggest that Nvidia is preparing to introduce budget-friendly options within its latest GPU series.

The RTX 5050 is particularly noteworthy, as it would mark Nvidia's potential return to the sub-$250 GPU market—a segment it hasn't actively targeted since the RTX 3050. The absence of a 50-class card in the RTX 40-series left a gap that was filled by older RTX 30-series GPUs and offerings from competitors. The introduction of the RTX 5050 could provide an affordable entry point for gamers seeking to leverage Nvidia’s latest technologies without a significant financial outlay.

Read more
Nvidia’s RTX 5070 Ti could displace the RTX 5080 — but I’m worried about it
Two RTX 4070 Ti Super graphics cards sitting next to each other.

Nvidia's RTX 5070 Ti is mere days away. Set to launch on February 20, the GPU marks the beginning of Nvidia's mainstream RTX 50-series. With similar specs to the RTX 5080, the RTX 5070 Ti has every chance to rank high among the best graphics cards -- but it's also going to face a number of obstacles that might impact its success.

Thanks to some leaked benchmarks, we now have a better idea of how the card might perform, and that rough ballpark is really a bit of a mixed bag. Here's why I think the RTX 5070 Ti might have an uphill climb when it first hits the shelves, but also why it might completely displace the RTX 5080.
Promising benchmarks -- well, kind of

Read more
Google boosts enhanced security with AI-powered upgrade
Person using Google

Google has strengthened Chrome's security with AI-driven real-time protection, helping safeguard your PC from dangerous downloads, sites, and extensions, as spotted by Leo on X (via Bleeping Computer). Google tested the update for three months, but it's now distributing it to all users on the stable channel.

The key change is the addition of AI-protection to the security feature, which is part of safe browsing, that's been around for years. However, users should remember that browsing data is sent to Google when you enable Enhanced Protection. Google renamed the feature to highlight AI integration, but how the new version varies from the previous one is unclear.

Read more