CyberHappenings logo
☰
🏠 Home 📂 Browse ℹī¸ About

DeepSeek Data Leak Exposes Over 1 Million Sensitive Log Streams

First reported
Last updated
📰 1 unique sources, 1 articles

Summary

Hide ▲

In January 2025, Wiz Research identified a data leak at DeepSeek, a Chinese AI specialist. The leak exposed over 1 million sensitive log streams, including chat histories and secret keys, due to a publicly accessible ClickHouse database. The database allowed full control over database operations, enabling unauthorized access to internal data. DeepSeek secured the exposure immediately upon notification. The incident highlights the risks associated with data leakage and the importance of robust security measures. The leak underscores the potential for both intentional and unintentional data breaches, emphasizing the need for comprehensive security practices to mitigate such risks.

Timeline

  1. 03.09.2025 14:45 📰 1 articles

    DeepSeek Data Leak Exposes Over 1 Million Sensitive Log Streams

    In January 2025, Wiz Research discovered a data leak at DeepSeek, a Chinese AI specialist. The leak involved a publicly accessible ClickHouse database that exposed over 1 million sensitive log streams, including chat histories and secret keys. The database allowed full control over database operations, enabling unauthorized access to internal data. DeepSeek secured the exposure immediately upon notification. The incident underscores the risks associated with data leakage and the importance of robust security measures.

    Show sources
    Open in new tab

Information Snippets

  • The data leak at DeepSeek was discovered in January 2025 by Wiz Research.

    First reported: 03.09.2025 14:45
    📰 1 source, 1 article
    Show sources

  • The leak involved a publicly accessible ClickHouse database belonging to DeepSeek.

    First reported: 03.09.2025 14:45
    📰 1 source, 1 article
    Show sources

  • Over 1 million lines of log streams were exposed, containing sensitive information such as chat histories and secret keys.

    First reported: 03.09.2025 14:45
    📰 1 source, 1 article
    Show sources

  • The exposed database allowed full control over database operations, including access to internal data.

    First reported: 03.09.2025 14:45
    📰 1 source, 1 article
    Show sources

  • Wiz Research immediately reported the issue to DeepSeek, which secured the exposure promptly.

    First reported: 03.09.2025 14:45
    📰 1 source, 1 article
    Show sources

  • Data leakage can be intentional or unintentional, involving various vectors such as misconfigured cloud storage, endpoint vulnerabilities, emails, messaging, and shadow IT.

    First reported: 03.09.2025 14:45
    📰 1 source, 1 article
    Show sources

  • Common drivers of data leakage include weak access controls, lack of data-classification policies, insufficient monitoring, and inadequate employee training.

    First reported: 03.09.2025 14:45
    📰 1 source, 1 article
    Show sources

  • Consequences of data leakage can include regulatory fines, loss of intellectual property, financial crimes, and reputational damage.

    First reported: 03.09.2025 14:45
    📰 1 source, 1 article
    Show sources

  • Organizations can protect against data leakage by enforcing least-privilege access, using data loss prevention (DLP) solutions, classifying sensitive data, conducting audits, and providing employee training.

    First reported: 03.09.2025 14:45
    📰 1 source, 1 article
    Show sources

  • Outpost24's CompassDRP helps organizations manage the risk of data leakage by detecting potentially leaked documents, confidential data, and source code.

    First reported: 03.09.2025 14:45
    📰 1 source, 1 article
    Show sources