DeepSeek AI, a rapidly growing Chinese AI startup, exposed a database containing over one million sensitive records, including user chat histories and API keys, which were accessible without authentication.
User chat histories: These log entries were available in plaintext and included conversations held by users, raising concerns about privacy violations.
API keys: The leaked API keys potentially allowed unauthorized access to various services associated with DeepSeek, which could lead to further exploitation.
System logs: Backend data that can provide insights into internal operations and configurations, making the system vulnerable to targeted attacks.
Confidential user data: This could include personal information of users that could be misused for identity theft or other malicious purposes.
Wiz Research discovered a publicly accessible ClickHouse database owned by DeepSeek, allowing full database operations without authentication, possibly via its HTTP interface.
- Initially, the issue was identified by DeepSeek, and a fix was implemented as of January 28, 2025.
- DeepSeek has addressed the security breach following outreach from Wiz, a cloud security firm, but it remains unclear if any data was accessed or downloaded prior to the fix.
- Updates about the situation were provided regularly, showing the steps taken, including identification of the problem and ongoing monitoring.
- As of January 31, 2025, the situation is being closely monitored for any further issues.
The Open ClickHouse database was hosted at two addresses, auth2callback.deepseek.com:9000 and dev.deepseek.com:9000.
At least two unusual open ports (8123 and 9000) were identified during reconnaissance that led to the database access.
Researchers were able to execute arbitrary SQL queries on the database and retrieved sensitive data, raising significant security concerns.
Sensitive information, including API secrets and operational metadata, was jeopardized, raising concerns about potential exploitation by malicious actors.
The incident has spurred discussions about the inherent risks associated with AI and the importance of prioritizing data protection within AI development, as stated by Wiz’s security researcher Gal Nagli.
Reports indicate that the compromised database remained unsecured for almost a week before being discovered, emphasizing a growing trend in data security vulnerabilities.
OpenAI has expressed concerns that DeepSeek may have inappropriately utilized its models, adding another layer of complexity to the breach’s implications.
