It is easy to forget that the conversations we have with artificial intelligence (AI) chatbots, such as ChatGPT or DeepSeek, are not completely private. Generally, the messages we exchange with these new applications are used to train new language models and, in certain cases, can be reviewed by company staff, as well as used to address possible violations of the terms of service.
Now, our data could travel even further in the event of a security incident. According to the security firm Wiz, a DeepSeek database was left exposed for a period of time. The flaw allowed external actors to access a variety of data, such as chat history, log records, sensitive API information and operational details. Let's look at the topic in depth.
DeepSeek and an exposed database
Wiz researchers, who have detected several vulnerabilities in services such as Microsoft's Bing and Oracle Cloud, set out to evaluate DeepSeek's security. "In a few minutes" they found a ClickHouse database publicly exposed on the Internet. That is, it could be accessed without any credentials or authentication. ClickHouse is an open source database management system developed by Yandex.
The American security company's team determined that the exposure allowed arbitrary SQL queries to be executed directly through the browser. This was quite dangerous because it opened the door to obtaining internal data. After running several queries they discovered "very sensitive data", including plaintext logs and a significant volume of users' chat history.
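A defender can check their own ClickHouse deployment for the two conditions described above (a server reachable from any network and a user with no credentials). The following is an added example, not code from the article, Wiz or DeepSeek; the article does not describe the actual configuration, so the sample XML is constructed and the finding codes are hypothetical names.

```python
import xml.etree.ElementTree as ET

WILDCARD_HOSTS = {"::", "0.0.0.0"}      # server binds on every interface
OPEN_NETWORKS = {"::/0", "0.0.0.0/0"}   # user may connect from any address
PASSWORD_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")

def audit_clickhouse(config_xml, users_xml):
    """Return finding codes for an unauthenticated, network-reachable server."""
    findings = []
    config = ET.fromstring(config_xml)
    hosts = {(h.text or "").strip() for h in config.iter("listen_host")}
    if hosts & WILDCARD_HOSTS:
        findings.append("bind-all-interfaces")
        port = (config.findtext("http_port") or "").strip()
        if port:  # the HTTP interface is what accepts SQL sent from a browser
            findings.append(f"http-interface-exposed:{port}")
    users = ET.fromstring(users_xml).find("users")
    for user in (users if users is not None else []):
        # Simplification (assumption): only password-based settings are checked,
        # so users relying on other authentication methods would be flagged too.
        if not any((user.findtext(t) or "").strip() for t in PASSWORD_TAGS):
            findings.append(f"no-password:{user.tag}")
        nets = {(ip.text or "").strip() for ip in user.iter("ip")}
        if nets & OPEN_NETWORKS:
            findings.append(f"open-network:{user.tag}")
    return findings

# Constructed sample configs (not taken from the article or from DeepSeek).
WEAK_CONFIG = ("<clickhouse><listen_host>::</listen_host>"
               "<http_port>8123</http_port></clickhouse>")
WEAK_USERS = ("<clickhouse><users><default><password></password>"
              "<networks><ip>::/0</ip></networks></default></users></clickhouse>")
HARDENED_CONFIG = ("<clickhouse><listen_host>127.0.0.1</listen_host>"
                   "<http_port>8123</http_port></clickhouse>")
HARDENED_USERS = ("<clickhouse><users><default>"
                  "<password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>"
                  "<networks><ip>10.0.0.0/8</ip></networks></default></users></clickhouse>")

if __name__ == "__main__":
    print("weak:    ", audit_clickhouse(WEAK_CONFIG, WEAK_USERS))
    print("hardened:", audit_clickhouse(HARDENED_CONFIG, HARDENED_USERS))
```

A clean result here only covers the server's own settings; firewall rules and cloud security groups decide whether the port is actually reachable from the Internet.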
Wiz explains that among the code fragments there were numerous conversations. In the screenshot below we see a message written in Chinese, which translated says: "Talk about solid propulsion rockets, covering their invention or discovery, historical evolution, relevance, components, principle of operation, functions and possible future advances. Break it down into sections and provide details."
The message in question should never have left DeepSeek's servers; like other companies to which we entrust our data, DeepSeek should protect it. Wiz explains that it promptly disclosed the problem to DeepSeek, which quickly fixed the flaw. It should be noted that we have not found an official statement from the company, so we have written to DeepSeek in order to include its comments in this article.
DeepSeek is under scrutiny in Europe. The data protection authorities of Ireland and Italy have issued information requests amid privacy concerns. The Italian agency, remember, sanctioned OpenAI last year for failing to report a data breach in 2023. Earlier this week, DeepSeek said it was suffering a cyberattack, but did not provide details.
Images | freepik | Wiz | DeepSeek