Wiz Research researchers have discovered a critical vulnerability in the DeepSeek system, a publicly available database that contained over a million records with sensitive information, including chat history, API keys, and backend details. This was reported by IZ with reference to Wiz.
Data leak without any protection
The Wiz Research team found a publicly open ClickHouse database during its cybersecurity analysis of the Chinese AI startup DeepSeek. It was completely unprotected and allowed any operations to be performed without authentication. The database was located at two addresses:
- oauth2callback.deepseek.com:9000
- dev.deepseek.com:9000
According to experts, the leak contained users' chat history, secret keys, internal API requests, and other important operational details. In addition, open access allowed for full control over the database, which created significant risks to data security.
How the researchers found the vulnerability
Wiz Research began analyzing DeepSeek's public domains using passive and active subdomain detection techniques. They found about 30 subdomains, most of which did not pose a serious threat.
However, further analysis of open ports revealed unusual activity on ports 8123 and 9000, which led the researchers to the unsecured ClickHouse database. Using a standard SQL SHOW TABLES query; they were able to obtain a list of tables and found a particularly vulnerable section called log_stream.
This table contained over a million logs, including:
- Timestamps – Dates and times of entries starting on January 6, 2025
- API Requests – Internal calls to the DeepSeek API
- Log Content – Open text messages, including chat history and sensitive information
- Data about the origin of the requests– Information about log sources and user interaction with DeepSeek services
Potential threats
The lack of authentication opened the door for attackers to access sensitive data or even modify information in the database. In the worst-case scenario, this could have led to a large-scale leak of users’ private conversations or the compromise of DeepSeek’s systems.
The Wiz Research team responsibly notified the company about the problem, after which DeepSeek urgently closed access to the database.
This incident once again proved that the rapid development of AI services often outpaces the implementation of proper security measures. Although the main emphasis in discussions about artificial intelligence security is on sophisticated cyberattacks, the most critical threats often arise from basic errors, such as accidentally opening databases.
Companies working with AI need to pay more attention to cybersecurity, as they process huge amounts of confidential data. Involving security experts at the product development stage should become a standard for the entire industry to avoid similar incidents in the future.
In previous articles, we reported on the Chinese chatbot DeepSeek was blocked in Europe: what is the reason?