DeepSeek Database Found Leaking Private Sensitive Information , Including Chat History

A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.

DeepSeek Database Found Leaking Private Sensitive Information , Including Chat History

The Discovery: Exposed ClickHouse Database

Wiz Research found a ClickHouse database owned by DeepSeek that is openly accessible without the need for authentication. The database was accessible via open ports at dev.deepseek.com:9000 and oauth2callback.deepseek.com:9000. After further research, it was discovered that the database provided complete operational control and sensitive information, including backend details, chat histories, API keys, and operational logs.

This exposure was especially risky because DeepSeek’s internal data was exposed to anyone who found the open ports due to a lack of security mechanisms and authentication.

The Scope of the Exposure: Sensitive Data at Risk

More than a million log entries, many of which included extremely sensitive information, were found in the ClickHouse database that was made public. This contained operational metadata, internal backend information, API keys, and plaintext chat history.

Anyone who discovered the database had complete access to vital information because the logs were not only comprehensive but also available without any verification.

  • timestamp – Logs dating from January 6, 2025 
  • span_name – References to various internal DeepSeek API endpoints 
  • string.values – Plaintext logs, including Chat HistoryAPI Keys, backend details, and operational metadata 
  • _service – Indicating which DeepSeek service generated the logs 
  • _source – Exposing the origin of log requests, containing Chat History, API Keys, directory structures, and chatbot metadata logs 

Because it contained private conversation logs and secret keys that might be used to compromise DeepSeek’s infrastructure, this disclosure presented serious concerns. This breach was especially worrisome for the organisation and its users due to the volume and sensitivity of the data that was compromised.

How the Vulnerability Was Exploited

Full database control was made possible by the ClickHouse database’s HTTP interface, which was reachable via open ports. We were able to list all of the datasets that were available and locate the log_stream table that contained extremely sensitive data by executing simple SQL queries.

This contained backend information, chat history, and API secrets. Due to the absence of authentication, an attacker might quickly get private logs, execute unauthorised queries, and possibly increase privileges in the DeepSeek environment.

The vulnerability underscored the dangers of unprotected databases in production settings by leaving DeepSeek’s infrastructure open to illegal access and data exfiltration.

Security Implications for AI Startups

This exposure draws attention to a crucial problem for AI businesses such as DeepSeek: security measures may not keep up with rapid progress. As the complexity and popularity of AI technologies increase, so too must the underlying infrastructure be secure.

The hack demonstrates how simple security mistakes, including not protecting databases that are available to the public, can result in significant data dumps. Attackers target AI companies because they frequently handle sensitive user data and proprietary algorithms.

This event emphasises how crucial it is to give security first priority right now, particularly for startups that are growing rapidly and handling enormous volumes of sensitive data.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top