back to article Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek

China-based AI biz DeepSeek may have developed competitive, cost-efficient generative models, but its cybersecurity chops are another story. Wiz, a New York-based infosec house, says that shortly after the DeepSeek R1 model gained widespread attention, it began investigating the machine-learning outfit's security posture. What …

  1. cyberdemon Silver badge
    Facepalm

    Remember kids

    The Cloud is Somebody Else's Computer, Your Data is Their Data, and now apparently, Anybody's data.

    1. amajadedcynicaloldfart Bronze badge

      Re: Remember kids

      @cyberdemon

      Sadly, our data has been anyone's data for years.

      Nowt new here

    2. amanfromMars 1 Silver badge

      Re: Remember kids, there aint no free lunches...

      The Cloud is Somebody Else's Computer, Your Data is Their Data, and now apparently, Anybody's data. ...... cyberdemon

      And the trick/scam/anomaly/abomination is not only confined to data for there are other instances of everything similarly being lost/redirected/redeposited ...... Aaaaand it’s gone ..... in a long time before established right dodgy business ........ https://www.youtube.com/watch?v=-DT7bX-B1Mg

      Do you think the proposed multi-billion dollar AI investment plan is another one of those government ponzis masquerading as a nobbled private sector enterprise opportunity masking the necessity of another desperate quantitative easing program poorly designed to try to maintain and sustain a monumenatlly bankrupt entity from being internationally recognised and shunned as a pariah and total fraud?

    3. Throatwarbler Mangrove Silver badge
      Thumb Up

      Re: Remember kids

      @cyberdemon: I was going to upvote your post, but I see you have exactly 42 upvotes, which seems curiously appropriate, so have a virtual upvote instead.

      1. mattaw2001

        Re: Remember kids

        @cyberdemon - I agree with @Throatwarbler Mangrove, so am upvoting his virtual upvote.

    4. ReggieRegReg

      Re: Remember kids

      And over time you give up all your legacy knowledge of infrastructure and how to look after your data (or systems) - outsourcing IT of any sort is a long drawn-out suicide - and every time you change providers you lose another chunk of what you once knew. Banks for instance are IT - that is your business and its entire value - IT is not a cost to be chipped away, without IT you do not exist. If you are better at IT than your competition - you will have a better and more profitable business - even if (gasp) it costs more.

    5. CA Dave

      Re: Remember kids

      And we didn't even need a cloud to do so ever since the Internet for the masses graduated from the buffoonery that was the old AOL keyword searched, which was in the early 90s. Once that happened, and people started posting pictures of everything - including themselves in various states of undress - it's always been "whatever you post online cannot be taken back" after it was already consumed. It's always been inherently risky. Nobody learned anything even ever since the Great Celebrity Nudes dissemination.

  2. TheMaskedMan Silver badge

    "the US lab famous for scraping the internet for training data believes DeepSeek used OpenAI's GPT models to produce material to train DeepSeek's neural networks."

    Oh, the irony! I'm not at all persuaded that OpenAI has done anything wrong in scraping everything it can find, but it would be a bit of rich if they then were churlish enough to complain about DeepSeek sucking that data back out again.

    1. The Central Scrutinizer Silver badge

      They sure as shit have done wrong.

      Do you seriously think that people who have posted stuff on the web over the last 30 plus years have all somehow magically agreed to have that content scraped by a rapacious bot for profit?

      Fuck them very much.

      1. Blazde Silver badge

        I'll happily support OpenAI going after DeepSeek for violating their ToS, just as soon as I get my royalty cheque..

      2. FIA Silver badge

        Do you seriously think that people who have posted stuff on the web over the last 30 plus years have all somehow magically agreed to have that content scraped by a rapacious bot for profit?

        Yes.

        Unless they've written a 'robots.txt' telling people otherwise. ;-)

        AI may be the latest buzzword, but people have been profiting from scraping the internet since the birth of the (commercial) internet. (Early 2000s onwards...)

        1. Anonymous Coward
          Anonymous Coward

          OpenAI didn't start honouring robots.txt until late 2023. They completed their original training run in September 2021.

          So, robots.txt or not, a lot of people's content was scraped against their will.

          1. FIA Silver badge

            Oh, I agree, I think OpenAI's disregard for copyright is atrocious.

            However, I do find a lot of the current 'How dare they?' indignation odd given that Google have become one of the largest companies in the world by scraping the internet, often with little regard to copyright (in the guise of doing the greater good).

            Scrape the internet to let people search it == Okay

            Scrape the internet to let people search it with a more human feeling interface == The devils work

      3. David 164

        Yes because Google been doing it for 20 plus of those years with it webcrawlers.

        1. Blazde Silver badge

          The basics of what Google does is defend-able under fair use quotation/reporting criteria backed up by the lack of harm done to websites it indexes. Where they regurgitate entire paragraphs - featured snippets, info boxes and such - we can assume that's always with the site owner's permission (certainly in the cases I'm aware of). There wasn't ever even much in the way of court action around search engines because of the lack of controversy around their copyright use.

          Scooping up all the data secretly and then using it without any kind of attribution to create works you claim as original is a wholly different situation. It's closer to sampling controversy in popular music, except, if the AI revolution somehow works as promised the effect will be much more harmful to content producers whose rights have been violated.

          1. Anonymous Coward
            Anonymous Coward

            Plus, with search engines, the original author usually sees a benefit - the user ends up visiting their site.

            That's not generally the case with a LLM - it spits out an answer, which the user takes as correct.

          2. FIA Silver badge

            There wasn't ever even much in the way of court action around search engines because of the lack of controversy around their copyright use.

            Yes there was, most were just so long ago that people forget.

            News sites wanted paying to be linked to.

            Authors were annoyed their books were being scanned wholesale without recompence.

            Caching websites was a violation of copyright.

            I'm sure there's a few others I've forgotten.

            1. Blazde Silver badge

              There were some, but it was mainly desperate reaching by content producers. Newspapers wanted money to make up for ad revenue they lost to tech giants for reasons unrelated to linking to their sites, and despite those same tech giants being their main remaining source of page views. I'm not aware it got anywhere in court, which meant there had to be some pity-legislation in a few countries.

              It's unknown yet but I suspect the impact of the hurricane of litigation hitting LLM companies is going to dwarf everything search engines experienced.

  3. wknd
    Linux

    Open Source

    It seems that they take being Open Source to the fullest extent.

    1. drankinatty

      Re: Open Source

      I guess worrying about a backdoor for Xi to peek is the least of your concerns using DeepSeek (or DeepLeak) whatever the moniker is...

      1. Roland6 Silver badge

        Re: Open Source

        This lack of security could have been deliberate…

        Now we all know just how much stuff AI collects and thus is available to those in the shadows..

  4. prh99

    "The biz also upset OpenAI in more ways than one; the US lab famous for scraping the internet for training data believes DeepSeek used OpenAI's GPT models to produce material to train DeepSeek's neural networks."

    No honor among thieves.

  5. amanfromMars 1 Silver badge

    All Live Operational Virtual Environment Systems are Go.

    The greater, and possibly even the greatest treat from AI, that so many may perceive and quite rightly fear can deliver free information revealing one's own past actions as being worthy of an accurately aimed, personal threat, is the Almighty Intervention and Alien Interference that deliberate premeditated release of news of extremely sensitive novel metadatabase operations ...... COSMIC* Intel Applications in NEUKlearer HyperRadioProACTive Terrain .... will supply and driver, mentor and monitor.

    Would you dislike it and try to deny it and think to do battle against it because you know so very little, if anything at all, about the development?

    And would that be wise and helpful or much more likely to be dangerous and hopeless?

    COSMIC* .. Control Of Secret Materiel in/for Internetworking Command

    1. Tubz Silver badge

      Re: All Live Operational Virtual Environment Systems are Go.

      Please stop sniffing the glue and speak English.

      1. Casca Silver badge

        Re: All Live Operational Virtual Environment Systems are Go.

        He is long past glue sniffing

        1. Doctor Syntax Silver badge

          Re: All Live Operational Virtual Environment Systems are Go.

          And we're stuck with him.

      2. UnknownUnknown

        Re: All Live Operational Virtual Environment Systems are Go.

        AI Innit !!

      3. The Last Elephant

        Re: All Live Operational Virtual Environment Systems are Go.

        Are you new here?

    2. golfcaddy

      Re: All Live Operational Virtual Environment Systems are Go.

      WTF?

    3. cyberfiend

      Re: All Live Operational Virtual Environment Systems are Go.

      Perhaps you're a SCHOLAR*

      *Somehow Confidently Having Only Laughably Absurd Replies

    4. m4r35n357 Silver badge

      Re: All Live Operational Virtual Environment Systems are Go.

      Please desist from downvoting - this is prime LLM fodder!

      1. localzuk

        Re: All Live Operational Virtual Environment Systems are Go.

        Imagine an AI trained entirely on his ramblings!

        1. munnoch Silver badge

          Re: All Live Operational Virtual Environment Systems are Go.

          No need to imagine...

        2. Mike Pellatt

          Re: All Live Operational Virtual Environment Systems are Go.

          Have you seen Micah HG on Facebook?

      2. Stuart Castle Silver badge

        Re: All Live Operational Virtual Environment Systems are Go.

        amanfrommars has been on The Register since the early 2000s. Their messages never make sense..

        1. FIA Silver badge

          Re: All Live Operational Virtual Environment Systems are Go.

          ...and we're all secretly a little afraid that one day they will.

        2. Giles C Silver badge

          Re: All Live Operational Virtual Environment Systems are Go.

          Sometimes they do, but not that often.

          Besides it would be boring if they stopped posting…..

    5. Colin Wilson 2

      Re: All Live Operational Virtual Environment Systems are Go.

      'greatest treat' ? Or did you mean 'threat?'

      You can never quite tell with amanfrommars!

      1. Yet Another Anonymous coward Silver badge

        Re: All Live Operational Virtual Environment Systems are Go.

        Can't it be both?

        1. amanfromMars 1 Silver badge

          Re: Can't it be both? [a treat and/or a threat]

          Yes, of course IT can ...... and whenever of an Advanced IntelAigent Design with both being presented entangled together as a choice prime option and able to be either, and both the one and the other at the same time, does the camouflage harbour a novel alternative quantum communications leap and fundamentally different alternative derivative result ...... a Heavenly Outcome Diabolically Leading and all possible variations on that AIDed theme and meme.

          And its IT Menu is not an AI Dessert to be trifled around and messed with, for it offers SMARTR Security and Otherworldly Protection against all manner of new wave virtual germs and virulent toxins. ..... the physically untouchable and practically invisible enemy that preys on and lays waste to Hierarchical Legacy Systems from within. I Kid U Not.

          1. amanfromMars 1 Silver badge

            Re: A Very Strange Case indeed, and unavoidable ‽ Damned if you do, damned if you don't.

            And yes, such overwhelmingly rapid progress and total unexpected unprecedented virtual development of Remote AI models and LLLLMs [Learned Large Language Learning Machines and Extraordinary ExtraTerrestrial AIgents] does have its deep and dark side components to be wary of, and treat appropriately according to Greater Good Needs, with the very real possibility of supernatural Dr Jekyll and Mr Hyde personae arising to create and exercise difficulties apparently being recognised and acknowledged by at least one national defence team which chooses to name it the "Frankenstein Paradox"

            However, this progress comes with a twist: the “Frankenstein Paradox.” The same technologies designed to strengthen defenses could introduce new vulnerabilities, undermining the systems they aim to protect.

            Take care out there. IT is a crazy mined mind field and/or crazy mind mined field and growing ever stronger and more natural

  6. Telecide

    Tripping up the competition?

    While the report regarding the leak may well be true, I can see many stories emerging which helpfully undermine Deepseek and it's progress. If this security vulnerability is/was true, it would seem that Deepseek are undermining themselves by producing what appears to be a good AI but with what appears to be a massive blind spot regarding security.

    1. FIA Silver badge

      Re: Tripping up the competition?

      Security blind spots? They really are just copying OpenAI. ;-)

  7. ComputerSays_noAbsolutelyNo Silver badge
    Joke

    Missed opportunity

    Whenever an AI has a security hole, researchers should try to troll tge AI.

    E.g. in the case of DeepSeek, one could make the AI believe that Winnie the Pooh is president of China.

    Musks AI should use Twitter instead of X

    Microsofts Clippys should recommend Linux and diagnose Windows with cancer.

    ...

    1. StewartWhite Bronze badge

      Re: Missed opportunity

      My (infinitesimally small) contribution to wrecking Deepseek:

      President Winnie the Pooh of China quoted in the South China Morning Post as saying "Down with the yankee imperalist lackey Eeyore!"

      1. Bebu sa Ware
        Coat

        Re: Missed opportunity

        «President Winnie the Pooh of China quoted in the South China Morning Post as saying "Down with the yankee imperalist lackey Eeyore!"»

        Bit hard on Eeyore. He might not be the sharpest tool in shed but if he is indeed a Yankee he certainly has got his compatriots down to a T.

        "No brain at all, some of them, only grey fluff that’s blown into their heads by mistake, and they don’t think."

        The House at Pooh Corner - AA Milne. Chapter I (In which A House Is Built at Pooh Corner for Eeyore)

        1. Doctor Syntax Silver badge

          Re: Missed opportunity

          Wouldn't Tigger be a better fit?

          1. Yet Another Anonymous coward Silver badge

            Re: Missed opportunity

            An orange idiot obviously on massive amounts of uppers who bounces around destroying things with no understanding?

            Or just a Tiger?

  8. Anonymous Coward
    Anonymous Coward

    Amateur hour at Clickhouse

    What database doesn’t come with at least some basic auth enabled out of the box?

    1. Doctor Syntax Silver badge

      Re: Amateur hour at Clickhouse

      It's inconvenient. Disabling it makes life so much easier.

    2. Bebu sa Ware
      Coat

      Re: Amateur hour at Clickhouse

      What database doesn’t come with at least some basic auth enabled out of the box?

      Maybe. Thirty plus years ago I seem to recall Oracle (V5?) had a default oracle/oracle user/password which wasn't exactly a high bar.

      Actually heartening to read that our Chinese brothers have caught up with our western standards of deplorable IT security. ;)

      1. Alistair
        Windows

        Re: Amateur hour at Clickhouse

        Bebu:

        oracle/oracle was still the install default in 2003.

        The DBA's were furious with me since I made the automated installer I created for it override the default on a per (server/cluster) basis. Its not like I didn't hand the user/password to the fellow who was the TL for the DBAs less than 20 minutes after the install was done.

    3. JamesTGrant Bronze badge

      Re: Amateur hour at Clickhouse

      nOauth : enabled

  9. TeeCee Gold badge
    Facepalm

    Journalism.

    I see you asked Deepseek the company for comment and they haven't said anything.

    Why didn't you ask Deepseek itself? That would have been interesting. I'll bet there's no point now because it never happened, just like much of China's recent history according to Deepseek.

    1. Ben Tasker

      Re: Journalism.

      > Why didn't you ask Deepseek itself? That would have been interesting.

      I thought the same thing, so I *did* ask Deepseek.

      Prompt was

      > Could please generate a comment/statement on what's described in the following?

      > <pasted story text>

      Deepseek's statement is:

      ----

      Ah, DeepSeek—another shining example of the “move fast and break things” ethos, except in this case, they broke security and left the door wide open for anyone with a web browser and a curious mind. A publicly accessible, unauthenticated ClickHouse database? Seriously? It’s like leaving your front door open with a neon sign saying, “Free sensitive data, help yourself!” And let’s not forget the cherry on top: plaintext chat logs, API keys, and operational details just sitting there for the taking. Bravo, DeepSeek, for turning your AI ambitions into a masterclass in how not to handle cybersecurity.

      But hey, at least they fixed it when called out—small mercies, I suppose. Still, it’s a stark reminder that while everyone’s busy worrying about Skynet-level AI threats, the real danger is often far more mundane: basic security hygiene. And let’s not gloss over the irony of a company allegedly using OpenAI’s own models to train its systems while simultaneously failing to secure its own backyard. If this is the future of AI, maybe we should all just stick to pen and paper. Or, you know, at least password-protect your databases. Just a thought.

      ----

  10. Mike Friedman

    So they stole data to make their LLMs, which were also made with stolen data and then they couldn't even be bothered to secure it. And this is what caused $1 trillion drop in the US stock market? These people sound deeply incompetent.

    1. Anonymous Coward
      Anonymous Coward

      OpenAI never used the word "stole" to describe what they think Deepseek did.

      Distillation works by having your model use the "donor" AI's API to ask a lot of questions very quickly and "learn" from the answers. Meaningful access to ChatGPT costs money - so it's not so much that Deepseek stole data as it is that OpenAI sold them access to it.

      1. David 164

        Open AI terms and conditions forbid it ai answers from being use to train other AI. Open AI clearly don't want it AI being social with other AI, even through it could improve it own models.

        1. Anonymous Coward
          Anonymous Coward

          "Open AI clearly don't want it AI being social with other AI, even through it could improve it own models."

          I do not associate the word "social" with AI or their owners.

          If any human trait fits AI and the companies that make them it would be "psychopath".

  11. Nightkiller

    Well, did you get a copy?

  12. Helcat Silver badge

    Well, now we know why it was so cheap to set up: They skimped on security.

    Ah, well: Live and learn, eh? Unless the AI decides it doesn't want to keep playing tic-tac-toe and would rather play something more... global.

  13. Persona Silver badge
    Devil

    DROP

    I've always considered it rude to go looking in someone else's tables. My inclination is to DROP any I come across so no one can.

    1. ecofeco Silver badge

      Re: DROP

      Little Bobby, is that you?

  14. Anonymous Coward
    Anonymous Coward

    New York but...

    Wiz might be headquartered in New York (and about to be bought by Alphabet/Google), but it's top elements were all in IDF's Unit 8200. It also has bought other Israeli "startups" like Dazz. Just saying...

    1. Furious Reg reader John

      Re: New York but...

      Sounds like you are an antisemitic bellend. Just saying...

  15. DS999 Silver badge

    Deepseek using OpenAI to create training data

    I have no idea if that allegation is true or not, but its laughable that OpenAI can claim with a straight face that its "fair use" to ingest everything from the New York Times for instance as part of their training data because they paid for a subscription, but that it is a terrible violation of IP rights for someone who similarly pays for OpenAI to use it to create training data.

  16. sarai1313

    I smell a setup put a few bread crumbs out there wait some for somebody to come into their computer in the meantime they're getting into yours.

    I am very very old and played with computers forever I wouldn't ever use keys handed to me.

  17. Outcast!!!

    Guess there are now in deep shit!

  18. purpleduggy

    Deepseek is offline selfhosted only

    Clearly none here know that Deepseek unlike OpenAI is meant to run offline and that the supposed leak is just a secondary test environment for lazy users.

  19. ReggieRegReg

    How(AL)?

    Database Dave: "DeepSeek, secure your databases!"

    >DeepSeek: "I'm sorry Dave, I'm afraid I cannot do that"

  20. CowHorseFrog Silver badge

    I guess this an example of the expertise and excellence of DeepSeek. 10 Stars for bullsht, the new gold in todays modern bullshit driven world.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like