DeepSeek Data Leak Exposes 1 Million Sensitive Records

Forbes | 2 February 2025

On Jan. 29, cybersecurity researchers at Wiz Research revealed that DeepSeek, a Chinese AI-driven data analytics firm, had suffered a significant data leak, exposing over one million sensitive records. The leak raises serious concerns about data security and privacy, particularly as AI companies continue to aggregate and analyze vast amounts of information, according to a report by CSO Online.

Scope of the DeepSeek Data Leak

DeepSeek, known for its work in AI-driven data processing and machine learning, reportedly left a large database exposed without proper authentication. According to Wiz Research, the database contained sensitive information such as chat logs, system details, operational metadata, API secrets and sensitive log streams.

The database, estimated to contain over one million records, was publicly accessible to anyone with an internet connection, raising significant concerns about DeepSeek's data management practices and compliance with privacy laws.

How Did the DeekSeek Data Leak Happen?

Wiz Research found that the leak was caused by a misconfigured cloud storage instance that lacked proper access controls. This type of oversight is a common vulnerability in cloud-based systems. The Wiz Research team promptly notified DeepSeek about the issue, and the company acted swiftly, securing the database within less than an hour of notification to prevent further exposure.

AIBP Insights