Chinese AI company DeepSeek has fixed an exposed back-end database that was spilling sensitive information, including user chat histories and API keys, to the open internet. The DeepSeek database was not protected with a password, allowing anyone on the internet to access more than a million unencrypted logs inside.Â
Security researchers at cloud giant Wiz said they found the exposed database and alerted DeepSeek, which soon after took the database offline. According to Wired, the Wiz researchers said the exposed chat logs were in Chinese but easily translated. It’s not yet known if anyone else, other than Wiz, found the database before it was secured, nor is it known for how long the database was exposed. DeepSeek did not respond to a request for comment.
Misconfigured databases are often caused by human error, rather than due to malicious intent. DeepSeek has seen viral popularity since its public launch in December.