DeepSeek's Dataset Exposed in Public Database:
A cybersecurity research firm, Wiz Research, has discovered that DeepSeek's sensitive dataset might have been publicly exposed. The dataset was found through an unauthenticated ClickHouse database, which allowed full control over database operations. This data breach potentially risks sensitive information, including chat history, secret keys, log details, and backend data.

Discovery of the Unauthenticated ClickHouse Database:
Wiz Research conducted an investigation into DeepSeek's external security due to the AI platform's growing popularity. After using advanced techniques, the researchers identified two open ports linked to multiple public hosts. These ports led to the discovery of an unauthenticated ClickHouse database that was accessible without any credentials.

Contents of the Exposed Dataset:
The exposed dataset reportedly includes over a million log entries, timestamps, internal API references, chat history, API keys, backend details, and other operational metadata. This unencrypted, plain-text data presents a serious security concern as malicious actors could use it to steal passwords, proprietary files, and critical information from DeepSeek’s servers.

Potential Risks and Consequences:
If exploited by attackers, the exposed information could lead to the exfiltration of sensitive data from DeepSeek’s infrastructure, with implications for both the company and its users. This breach raises concerns about the security of AI platforms and their vulnerability to such data exposures.

Uncertainty Over Data Containment:
At the time of the report, it was unclear whether DeepSeek had been notified about the breach or if the exposed dataset had been taken offline. The issue remains unresolved, and there are ongoing concerns about the potential for further exposure or exploitation.