customer data – Cybersecurity Watch

DeepSeek Exposes Database With Over 1 Million Chat Records

Jan 31 2025

DeepSeek, a Chinese AI startup, exposed two unsecured databases with over 1 million plaintext chat records, API keys, and operational data. Discovered by Wiz Research during a security assessment, these databases allowed unauthorized access and SQL queries via a web interface. The exposure raises significant security concerns for DeepSeek and its users, as attackers could retrieve sensitive information and potentially exploit the company's internal systems. Wiz reported the issue, prompting DeepSeek to secure the databases promptly.

https://www.bleepingcomputer.com/news/security/deepseek-exposes-database-with-over-1-million-chat-records/

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars

cars, customer data, location data

Jan 24 2025

Security researchers discovered vulnerabilities in Subaru’s Starlink service that allowed them to track the locations of millions of cars, gaining access to up to a year's worth of detailed location data, including sensitive personal visits. Sam Curry and Shubham Shah demonstrated flaws that let them hijack car controls and access location histories by exploiting administrative weaknesses in Subaru's system. Though Subaru has since fixed the vulnerabilities, concerns remain about privacy regarding employee access to location data. Similar vulnerabilities have affected multiple automakers, highlighting broader issues in the automotive industry regarding data privacy and security.

https://www.wired.com/story/subaru-location-tracking-vulnerabilities/

Employees Enter Sensitive Data Into GenAI Prompts Too Often

ai, customer data

Jan 19 2025

Employees often input sensitive data into generative AI (GenAI) tools, increasing risks for enterprises, as 8.5% of prompts analyzed contained sensitive information. The categories at risk include customer data (45.77%), employee data (27%), legal/finance (14.88%), and security codes (5.64%). Organizations face a dilemma: adopt GenAI for efficiency or risk exposing sensitive data. Effective governance strategies, such as real-time tracking and employee training, are crucial to mitigative risks while leveraging GenAI's advantages.

https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts

Customer Data From 800,000 Electric Cars and Owners Exposed Online

cars, customer data

Dec 28 2024

Data from 800,000 electric cars owned by Volkswagen, Seat, Audi, and Skoda was exposed online due to misconfigured Amazon cloud storage. The leak revealed detailed vehicle info, including precise location data, notable for its accuracy. Ethical hackers informed Volkswagen's software company, Cariad, of the vulnerability. Although access required technical expertise, some sensitive data was linked to high-profile individuals, raising privacy concerns. Cariad claims the issue was quickly resolved, with no evidence of data misuse by others found.

Customer data from 800,000 electric cars and owners exposed online