
Source: Wiz Research
Wiz Research has uncovered a major security lapse in DeepSeek, a Chinese AI startup, exposing a database containing sensitive user information and internal data. The exposed ClickHouse database, accessible without authentication, contained over a million log entries, including chat history, API keys, backend details, and other sensitive information.
The database was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000, completely open and unauthenticated. This allowed direct execution of arbitrary SQL queries via the browser, exposing a significant volume of sensitive data.
The exposed data included:
- Chat history: Plaintext logs of user conversations with the DeepSeek AI models.
- API keys: Secret keys used for accessing and interacting with the DeepSeek API.
- Backend details: Internal information about DeepSeek’s infrastructure and operations.
- Operational metadata: Logs and details about DeepSeek’s internal processes.
The exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, with no authentication or other defense mechanism facing the outside world. Attackers could have exfiltrated plaintext passwords and local files, along with proprietary information, directly from the server.
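For defenders running their own ClickHouse servers, the following Python script audits a `users.xml` file for the account settings that produce this kind of exposure: an account with no password and no network restriction. It is an added example, not code from Wiz Research or DeepSeek. The sample configuration and the `ingest` user are constructed, and the page does not say how DeepSeek's server was actually configured.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a ClickHouse users.xml (not DeepSeek's config).
SAMPLE_USERS_XML = """
<clickhouse>
  <users>
    <default>
      <password></password>
      <networks><ip>::/0</ip></networks>
    </default>
    <ingest>
      <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
      <networks><ip>10.0.0.0/8</ip></networks>
    </ingest>
  </users>
</clickhouse>
"""

CREDENTIAL_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")
EXTERNAL_AUTH_TAGS = ("ldap", "kerberos", "ssl_certificates")
OPEN_NETWORKS = {"::/0", "0.0.0.0/0"}


def audit_users(xml_text):
    """Return (user, finding) tuples for risky account settings in users.xml."""
    root = ET.fromstring(xml_text)
    users = root.find("users")
    findings = []
    if users is None:
        return findings
    for user in users:
        # An account is unauthenticated if no credential element has a value
        # and no external authenticator is configured for it.
        has_secret = any((user.findtext(t) or "").strip() for t in CREDENTIAL_TAGS)
        has_external = any(user.find(t) is not None for t in EXTERNAL_AUTH_TAGS)
        if not has_secret and not has_external:
            findings.append((user.tag, "no password set"))
        if (user.findtext("password") or "").strip():
            findings.append((user.tag, "plaintext password in config"))
        # Flag accounts that accept connections from every source address.
        nets = {(ip.text or "").strip() for ip in user.findall("networks/ip")}
        if nets & OPEN_NETWORKS:
            findings.append((user.tag, "reachable from any address"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_users(SAMPLE_USERS_XML):
        print(f"{name}: {finding}")
```
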
Wiz Research immediately and responsibly disclosed the issue to DeepSeek, which promptly secured the exposure. As AI models become more sophisticated and widely used, it is crucial for developers and organizations to prioritize security and privacy to protect user data and prevent potential misuse.