Chinese AI DeepSeek keeps holding everyone's attention: news about its data leak was as loud as its release. Over a million log lines became accessible; the breach also enabled privilege escalation. At the same time, a Kenyan governmental body leaked over 2 million records. Without further ado, let's dive in!
At the end of January, specialists from Wiz Research detected vulnerabilities in DeepSeek’s databases. Large troves of data were exposed. They contained over a million log records, including chat history, secret keys, backend details, and other sensitive information. Moreover, researchers were able to gain full control over database operations.
According to the report, researchers detected two open ports, which led to an unprotected database. It was accessible without any authentication. What is more, analysts were able to execute SQL queries directly from the browser and obtain the full list of accessible datasets with the SHOW TABLES query. In this way, researchers gained access to the log_stream database. It contained more than 1 million log records, including such important record groups as:
According to Wiz Research’s statement, such a level of access was a critical threat to the security of DeepSeek and its users. This breach could potentially be escalated to the extraction of other sensitive logs, chat messages, and proprietary data from servers.
This incident highlights that the danger from AI engines comes not only in the form of some Skynet-type threat, but also from ordinary security risks in the service's infrastructure and supporting tools. By their nature, GenAI solutions operate on large volumes of data, and this information must be reliably protected. This incident is evidence that fundamental security risks, such as accidental exposure, are always possible. Taking all the required measures to counter such threats must be among the top priorities when developing and operating such tools.
This is not the first and not the last case of data leaks from AI engines. Anyone who uses them should remember basic safety rules. Safety awareness is a foundation of reliable cybersecurity.
On the night of 31st January, the Kenyan Business Registration Service (BRS) became a victim of a data breach. As a result of this incident, stolen data appeared on the dark web. According to a preliminary investigation, sensitive details of 2 million companies were exfiltrated by criminals.
The BRS is responsible for company registration in Kenya. This is one of the most data-rich governmental bodies, which collects large volumes of sensitive business data.
The breach became public after exposure on social media. Internet users were surprised that sensitive data on business entities registered in Kenya between 2015 and 2021 was freely available. The leaked data set included such confidential data as:
Such a data set makes it possible to track individuals and their financial activities. Shortly after the data breach was discovered, the official BRS database was shut down.
The BRS issued an official statement. The organization admitted the existence of a data breach and announced the launch of an investigation.
There are rumors that this incident involved an insider. In support of this theory, it's worth noting that the criminals extracted the data directly from the databases and put it on the dark web. The hackers made no attempt to encrypt the data and demand a ransom. The stolen data can be used for further cybercrimes:
Insider involvement in incidents is a covert and subtle threat. Internal threats are among the major security challenges endangering sensitive data, and they must be addressed by a sophisticated and robust information security policy.
Protection of data is a major concern for businesses and governmental bodies. Data leaks can cause financial damage, loss of intellectual property, and huge public backlash. To mitigate the risks and prevent data breaches, business and state entities can use Managed Security Services (MSS) for internal threat protection. MSS brings an innovative approach to cybersecurity. It provides a comprehensive package of software tools and experienced specialist services. Cutting-edge solutions blended with advanced expertise will ensure a robust security posture for an organization.