
> More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defense mechanism to the outside world.

Not only that, this was a "production-grade" database with millions of users using it and the app was #1 on the app store and ALL text sent there in the prompts was logged in plain-text?

Unbelievable.



I agree this is really bad but far from unbelievable. I am only 23 and already my SSN and even my freaking DNA have both been leaked by major publicly traded companies.


Plus Volkswagen and Subaru in the last few weeks ...


> Plus Volkswagen and Subaru in the last few weeks

Both Volkswagen and Subaru have leaked his DNA in the last few weeks? Dude gets around.


VW is the people's wagon - where do you think those people come from?


On top of SSN and DNA, also the location of the DNA has been leaked.


heeheehee;) i REALLY like cars


You leaked your DNA on which companies?


Is it so strange to have logs in plain text? In my experience most logs at companies are in plain text. Only passwords are usually encrypted.


Did they ever make promises as to confidentiality? What if providing all chat logs with users is just part of their open source / shānzhài attitude? :)



