The American Cyber Security Company Wiz has found a serious vulnerability on the Deepseek Artificial Intelligence Platform, which has recently released. As a result of the analysis made by experts, an unprotected database was discovered. This database was open to everyone without any password protection and could easily be accessed.
Wiz experts detected two critical openes (8123 and 9000) when examining the Deepseek platform. The ports allowed direct access to a database without any encryption or security measures. As a result of the queries made in the database, which can be accessed only through text commands, 976 thousand lines of log records were revealed. The most remarkable information was:- Timestamp: Time recordings of user sessions from January 6, 2025.
- String.Values: Chat history, API switches, server data and commodity data.
- _Source: The source of chat records, API switches, catalog structures and commodity data.
Deepseek officials are quiet
According to Wiz researchers, the attackers can obtain sensitive data of users, including chat messages in flat text format using this gap. There is also a risk of stealing passwords and local files from company servers.
There is no information on whether the leaked data is associated with user accounts or not anonymized or anonymized. Although the vulnerability was closed after the emergence of the incident, the official statement on the issue did not come from Deepseek officials.
