DeepSeek, the Chinese AI startup known for its DeepSeek-R1 LLM model, has publicly exposed two databases containing sensitive user and operational information.
The unsecured ClickHouse instances reportedly held over a million log entries containing user chat history in plaintext form, API keys, backend details, and operational metadata.
Wiz Research discovered this exposure during a security assessment of DeepSeek's external infrastructure.
The security firm found two publicly accessible database instances at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000 that allowed arbitrary SQL queries via a web interface without requiring authentication.
The databases contained a 'log_stream' table that stored sensitive internal logs dating from January 6, 2025, containing:
- user queries to DeepSeek's chatbot,
- keys used by backend systems to authenticate API calls,
- internal infrastructure and services information,
- and various operational metadata.
![Chat log in plaintext](https://www.bleepstatic.com/images/news/u/1220909/2025/January/Paper/chatlog.jpg)
Source: Wiz
“This level of access posed a critical risk to DeepSeek's own security and for its end-users,” comments Wiz.
“Not only an attacker could retrieve sensitive logs and actual plaintext chat messages, but they could also potentially exfiltrate plaintext passwords and local files along with proprietary information directly from the server using queries like: SELECT * FROM file('filename') depending on their ClickHouse configuration.”
![Exposed data](https://www.bleepstatic.com/images/news/u/1220909/2025/January/Paper/exposedd.jpg)
Source: Wiz
Wiz says it could execute more intrusive queries but limited its exploration to enumeration to keep its research within certain ethical constraints.
It's unknown if Wiz's researchers were the first to discover this exposure or if malicious actors have already taken advantage of the misconfiguration.
In any case, Wiz informed DeepSeek of the matter, and the company promptly addressed the exposure, so the databases are no longer public.
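A defender-side check for the misconfiguration described above, as an added example (not code from Wiz, DeepSeek or this article): it audits a ClickHouse users.xml and config.xml pair for passwordless accounts reachable from any address. The XML samples are constructed, and treating a missing `<networks>` element as unrestricted is this script's own assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs (not DeepSeek's): a weak users.xml / config.xml pair.
WEAK_USERS = """<clickhouse><users>
  <default><password></password><networks><ip>::/0</ip></networks></default>
  <ingest><password_sha256_hex>PLACEHOLDER_HASH</password_sha256_hex>
    <networks><ip>10.0.0.0/8</ip></networks></ingest>
</users></clickhouse>"""
WEAK_SERVER = "<clickhouse><listen_host>::</listen_host><tcp_port>9000</tcp_port></clickhouse>"

# Elements that give a user a password or password hash.
SECRET_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")

def is_open_network(spec):
    """True if an <ip> entry admits every address (prefix length 0)."""
    try:
        return ipaddress.ip_network(spec.strip(), strict=False).prefixlen == 0
    except ValueError:
        return False

def audit(users_xml, server_xml):
    """Return a list of findings for one users.xml / config.xml pair."""
    findings = []
    server = ET.fromstring(server_xml)
    hosts = [h.text.strip() for h in server.findall("listen_host") if h.text]
    public_listener = any(h in ("::", "0.0.0.0") for h in hosts)
    if public_listener:
        findings.append("server: listens on all interfaces")
    users = ET.fromstring(users_xml).find("users")
    for user in (users if users is not None else []):
        has_secret = any((user.findtext(t) or "").strip() for t in SECRET_TAGS)
        ips = [ip.text for ip in user.findall("networks/ip") if ip.text]
        # Assumption of this script: no <networks> entries means unrestricted.
        open_net = not ips or any(is_open_network(ip) for ip in ips)
        if not has_secret:
            findings.append(f"{user.tag}: no password set")
        if not has_secret and open_net and public_listener:
            findings.append(f"{user.tag}: unauthenticated and reachable from any address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEAK_USERS, WEAK_SERVER)))
```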
DeepSeek's security issues
Apart from all the concerns that arise from DeepSeek being a China-based technology company, which means it has to comply with aggressive data access requests from the country's government, the company does not appear to have established a solid security stance, placing sensitive data at risk.
The exposure of user prompts is a privacy breach that should be very concerning for organizations using the AI model for sensitive business operations.
Additionally, the exposure of backend details and API keys could give attackers a way into DeepSeek's internal networks, privilege escalation, and potentially larger-scale breaches.
Earlier this week, the Chinese platform was targeted by persistent cyberattacks, which it appeared unable to thwart, forcing it to suspend new user registrations for nearly 24 hours.