DeepSeek exposes sensitive user data due to unsecured databases

Chinese AI startup DeepSeek exposed sensitive user and operational data through unsecured ClickHouse database instances.

What happened

Chinese AI startup DeepSeek, known for its DeepSeek-R1 LLM model, inadvertently exposed sensitive user and operational data through two publicly accessible ClickHouse database instances. Security researchers at Wiz discovered the misconfiguration, which left over a million log entries—including user chat history, API keys, backend system details, and operational metadata—unprotected. 

Going deeper

During a security assessment of DeepSeek’s external infrastructure, Wiz Research identified two unsecured ClickHouse instances at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000. These databases permitted arbitrary SQL queries via a web interface without requiring authentication, allowing anyone to access highly sensitive information.

The databases contained a ‘log_stream’ table with internal logs dating back to January 6, 2025, including:

• User queries to DeepSeek’s chatbot stored in plaintext,
• API keys used for backend authentication,
• Information on internal infrastructure and services,
• Various operational metadata.

It remains unclear whether Wiz’s team was the first to detect this security lapse or if malicious entities had already exploited the exposed databases.

Read also: What is the OCR's Security Risk Assessment Tool?

What was said

According to Wiz, this level of exposure posed a severe security risk to both DeepSeek and its users. “Not only could an attacker retrieve sensitive logs and actual plaintext chat messages, but they could also potentially exfiltrate plaintext passwords and local files along with proprietary information directly from the server,” Wiz explained. Researchers also noted that depending on ClickHouse's configuration, malicious actors could exploit the system further using queries such as SELECT * FROM file('filename') to access local files. However, Wiz limited its investigation to enumeration to maintain ethical boundaries.

Recognizing the gravity of the situation, Wiz emphasized the significant security risks posed by the exposed data. “This level of access posed a critical risk to DeepSeek’s own security and for its end-users,” the research team noted.

Following Wiz’s disclosure, DeepSeek swiftly secured the databases, ensuring they were no longer publicly accessible.

Read also: How to respond to a suspected HIPAA breach

In the know

DeepSeek is a Chinese artificial intelligence company specializing in large language models (LLMs) and natural language processing (NLP) solutions. The company developed DeepSeek-R1, a proprietary LLM designed to provide advanced chatbot functionalities and AI-powered text generation. DeepSeek aims to compete with global AI leaders by offering high-performance AI models for various applications, including customer support, content generation, and enterprise automation. Despite its technological advancements, recent security vulnerabilities have raised concerns about its data protection measures.

See also: Artificial Intelligence in healthcare

Why it matters

The leakage of backend details and API keys could have provided attackers with an entry point into DeepSeek’s internal network, paving the way for further exploitation.

What does this mean

While DeepSeek acted swiftly to address this latest security flaw, the exposure of user data and backend credentials raises pressing concerns about the company’s cybersecurity posture. As AI technologies continue to gain traction, ensuring the security and privacy of user data must remain a top priority for companies in this space.

See also: HIPAA Compliant Email: The Definitive Guide

FAQs

How can companies prevent security breaches?

Companies can prevent security breaches by implementing strong encryption, multi-factor authentication, regular security audits, and employee cybersecurity training.

Why is cybersecurity important for AI companies?

AI companies process vast amounts of user data, making them prime targets for cyberattacks. Strong security practices protect user privacy and company integrity.

What are some common signs of a security vulnerability?

Common signs include exposed sensitive information, unauthorized access logs, unencrypted data, and publicly accessible databases.