A DeepSeek dataset may have been publicly exposed, a cybersecurity research firm claims. According to a report, a publicly accessible ClickHouse database belonging to DeepSeek was discovered, which allowed complete control over its database operations. Additionally, the exposure is said to include a large amount of sensitive information, including chat history, secret keys, logs and backend details. It is not clear whether the firm reported the case to the Chinese AI firm, or whether the exposed dataset has been taken down.
DeepSeek Dataset May Have Faced a Breach
In a blog post, cybersecurity firm Wiz Research revealed that it found a completely open and unauthenticated dataset, which contained highly sensitive information about the DeepSeek platform. The exposed information is said to pose a possible risk for both end users and the AI firm.
The cybersecurity firm said that it intended to assess the external security of the platform to identify any possible weaknesses, given the increasing popularity of the AI platform. Researchers began by mapping internet-facing subdomains, but found nothing that suggested a high risk.
However, after implementing new techniques, the researchers were able to detect two open ports (8123 and 9000) associated with several public hosts. Wiz Research claimed that these ports led them to a publicly exposed ClickHouse database, which could be accessed without any authentication.
Notably, ClickHouse is an open-source columnar database management system developed by Yandex. It is used for rapid analytical queries and is often used by ethical hackers to scan the dark web for exposed data.
A log stream table in the dataset includes more than a million log entries, each with a timestamp, with logs from 6 January. The entries include many internal DeepSeek application programming interfaces (APIs) and options, as well as chat history, API keys, backend details, and operational metadata in plaintext.
Researchers claimed that with this level of access, a bad actor could potentially exfiltrate passwords, local files and proprietary information from the server. At the time of writing, there was no update on whether this data exposure has been contained and whether the dataset has been taken offline.
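
For teams running their own ClickHouse, the condition described above (ports 8123 and 9000 reachable with no authentication) can be checked in configuration before deployment. The following is an added example, not code from the article or from Wiz Research: it assumes ClickHouse's standard XML server and users configuration layout, and the sample configs are constructed, since the article does not say how the exposed instance was configured.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs for illustration; not taken from the incident.
SERVER_XML = """<clickhouse>
  <listen_host>0.0.0.0</listen_host>
  <http_port>8123</http_port>
  <tcp_port>9000</tcp_port>
</clickhouse>"""
USERS_XML = """<clickhouse><users>
  <default><password></password><networks><ip>::/0</ip></networks></default>
  <analyst><password_sha256_hex>PLACEHOLDER_HASH</password_sha256_hex>
    <networks><ip>10.0.0.0/8</ip></networks></analyst>
</users></clickhouse>"""
HASHED = ("password_sha256_hex", "password_double_sha1_hex")

def listens_publicly(server_xml):
    """Return host:port pairs bound to a wildcard or globally routable address."""
    root = ET.fromstring(server_xml)
    ports = [root.findtext(t) for t in ("http_port", "tcp_port") if root.findtext(t)]
    exposed = []
    for host in (h.text.strip() for h in root.findall("listen_host") if h.text):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostnames need manual review
        if ip.is_unspecified or ip.is_global:
            exposed += [f"{host}:{p}" for p in ports]
    return exposed

def passwordless_users(users_xml):
    """Return (user, reach) for accounts with no password or hash configured.
    Simplification: LDAP, Kerberos and certificate auth are not modelled."""
    findings = []
    for user in ET.fromstring(users_xml).find("users"):
        has_secret = any((user.findtext(t) or "").strip() for t in HASHED + ("password",))
        if has_secret and user.find("no_password") is None:
            continue
        nets = [n.text.strip() for n in user.findall("networks/ip") if n.text]
        anywhere = any(ipaddress.ip_network(n, strict=False).prefixlen == 0 for n in nets)
        findings.append((user.tag, "any address" if anywhere else "restricted"))
    return findings

if __name__ == "__main__":
    for endpoint in listens_publicly(SERVER_XML):
        print("listening publicly:", endpoint)
    for name, reach in passwordless_users(USERS_XML):
        print(f"user '{name}' needs no password, reachable from {reach}")
```

A finding from both functions at once (a public listener plus a passwordless account reachable from any address) is the combination to fix first.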