30/01/2025
⤠DeepSeek Database Leaked â Full Control Over DB Secret keys, Logs & Chat History Exposed
A security vulnerability in DeepSeek, a prominent Chinese AI startup, exposed a publicly accessible ClickHouse database containing highly sensitive information, including over a million lines of log streams.
The breach, which included chat logs, API keys, backend details, and operational metadata, has raised alarms about the security practices of rapidly growing AI startups.
DeepSeek has recently garnered global attention for its flagship AI reasoning model, DeepSeek-R1, which is lauded for its cost-effectiveness and efficiency.
The companyâs rapid ascent has placed it alongside industry giants like OpenAI in terms of performance. However, this incident underscores the challenges of maintaining robust security in the fast-moving AI industry.
A security vulnerability in DeepSeek, a prominent Chinese AI startup, exposed a publicly accessible ClickHouse database containing highly sensitive information, including over a million lines of log streams.
The breach, which included chat logs, API keys, backend details, and operational metadata, has raised alarms about the security practices of rapidly growing AI startups.
DeepSeek has recently garnered global attention for its flagship AI reasoning model, DeepSeek-R1, which is lauded for its cost-effectiveness and efficiency.
The companyâs rapid ascent has placed it alongside industry giants like OpenAI in terms of performance. However, this incident underscores the challenges of maintaining robust security in the fast-moving AI industry.
The database, which was hosted on oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000, allowed unrestricted access, enabling unauthorized users to execute SQL queries and view sensitive internal data.
The exposed database, connected to DeepSeekâs backend services, contained over one million log entries.
âThis level of access posed a critical risk to DeepSeekâs own security and for its end-users. Not only an attacker could retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along propriety information directly from the server using queries like: SELECT * FROM file(âfilenameâ) depending on their ClickHouse configuration.â
Key details included chat history from the companyâs AI chatbot, plaintext API keys, backend service metadata, and internal directories, all of which were stored in the log_stream table. This exposure posed a serious risk not only to DeepSeek but also to its end-usersâ privacy and data security.
How the Breach Was Found
Researchers used standard reconnaissance techniques to map DeepSeekâs external attack surface, initially identifying approximately 30 subdomains.
While most subdomains appeared to be routine hosts of chatbot interfaces, status pages, and documentation, further investigation revealed two open ports (8123 and 9000) leading to the ClickHouse database in the following hosts.
http://oauth2callback.deepseek.com:8123
http://dev.deepseek.com:8123
http://oauth2callback.deepseek.com:9000
http://dev.deepseek.com:9000
ClickHouse is a widely used, open-source, columnar database designed for processing large datasets in real time. Its HTTP interface allowed Wiz researchers to access the /play path and execute SQL commands, revealing the full list of tables stored in the database.
Tables output from ClickHouse Web UI
Among these, the log_stream table stood out for containing highly sensitive data, including plaintext logs of conversations, API secrets, and backend service details.
The lack of authentication on the database not only allowed access to sensitive data but also provided full control over the database.
This could have enabled attackers to execute malicious commands, steal proprietary information, or even escalate privileges within DeepSeekâs environment.
âAn attacker with access to this database could exploit it to retrieve plaintext passwords, sensitive server data, and other confidential information,â Wiz Research stated. While the team refrained from executing intrusive queries by ethical research practices, they highlighted the critical nature of the security lapse.
After discovering the vulnerability, Wiz Research promptly informed DeepSeek, which quickly secured the exposed database and addressed the issue. The company has not yet released an official comment on the incident.
This incident highlights the significant risks associated with the rapid adoption of AI technologies. While attention is often focused on futuristic AI threats, such as model manipulation or adversarial attacks, this breach underscores the importance of addressing fundamental security risksâlike the accidental exposure of sensitive infrastructure.
âAs organizations race to adopt AI, the security frameworks designed to safeguard sensitive data are often overlooked,â said a spokesperson for Wiz Research. âThis incident serves as a wake-up call for the entire industry.â
The DeepSeek database breach is a stark reminder of the critical importance of security in the AI space. As AI technologies become deeply embedded in businesses worldwide, startups and established companies alike must prioritize building secure infrastructures.
Without proper safeguards, sensitive user data and proprietary information remain at risk, threatening individual companies and the broader trust in AI ecosystems.
