Summary
Chinese AI company DeepSeek exposed an unprotected database containing over a million unencrypted chat logs, API keys, and other sensitive data.
Security researchers at Wiz discovered the vulnerability and alerted DeepSeek, which promptly took the database offline.
It’s unclear how long the data was exposed or if others accessed it before Wiz.
DeepSeek, which gained viral popularity since its December launch, has not commented.
I don’t know, it doesn’t feel like a cost thing to me. If even one second of thought was given to security this could have been prevented basically for free.
Security costs money to develop and implement.
Technically correct but that’s like saying it takes effort to set up a passcode on your phone. Yes but it’s basically as close to zero as you can get and the return makes it a no brainer. Data breaches also cost money to remediate and can cause potentially trust destroying reputational damage.
It’s a no brainer if you’re paying people enough to understand the problem.