Summary

Chinese AI company DeepSeek exposed an unprotected database containing over a million unencrypted chat logs, API keys, and other sensitive data.

Security researchers at Wiz discovered the vulnerability and alerted DeepSeek, which promptly took the database offline.

It’s unclear how long the data was exposed or if others accessed it before Wiz.

DeepSeek, which gained viral popularity since its December launch, has not commented.

  • "no" banana
    link
    81 month ago

    I’m not surprised. It’s why I haven’t touched it yet.

      • Flying Squid
        link
        -71 month ago

        Yeah! Locally! There’s no possibility of a backdoor!

        Why would the Chinese do that?

        • @JustARaccoon
          link
          1030 days ago

          You download a model that you plug into a front-end that supports that model type, if the front-end doesn’t give it access it won’t have access.

          It’s like being afraid of Photoshop brush file, the brush is only used when you want it how you want it within the confines of Photoshop. Same for models. At worst a backdoor would exist in Photoshop (or in our actual case in one of the front ends) that the brush file somehow exploits, but that’s a big reach, especially with open source software.

          If people are however downloading self contained .exes or something with a model+frontend pre-packaged, well, that’s on them. I don’t think deepseek makes any such file available anyway so blaming them feels a bit… xenophobic?

          • Flying Squid
            link
            -130 days ago

            It’s only xenophobic if you trust all the other LLMs made in other countries… which I don’t.

            But you jumped on that accusing people of bigotry claim before you bothered to find that out.

            • @JustARaccoon
              link
              630 days ago

              Damn, jumping to accusations sure is crazy, what was your first comment in this reply thread again? Jumping to backdoor accusations.

              • Flying Squid
                link
                030 days ago

                What makes you think I meant that the others don’t have them?

                Do I really have to mention every other country with LLMs when I bring up DeepSeek?

            • Shawdow194
              link
              fedilink
              430 days ago

              To be fair you can run it locally in a virtual machine that is airgapped if you did want to run it

              But I’m with you. Im gonna wait a bit longer before trying this one on my personal machines

              • Flying Squid
                link
                230 days ago

                Yeah, airgapped is definitely different.