DeepSeek, the Chinese AI startup behind the DeepSeek-R1 language model, left two unsecured databases publicly accessible, exposing user chat logs, API keys, backend infrastructure details, and operational metadata.
The security lapse, discovered by Wiz Research, put both DeepSeek and its users at risk.
The exposed ClickHouse databases, located at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000, allowed unauthenticated access, enabling anyone to execute SQL queries through a web interface. The compromised “log_stream” table contained sensitive records dating back to January 6, 2025, including:
- User queries to DeepSeek’s chatbot, are stored in plaintext.
- API keys are used for backend authentication.
- Internal infrastructure details and metadata.
Wiz highlighted the severity of the breach, warning that attackers could have exfiltrated plaintext passwords, local files, and proprietary information depending on DeepSeek’s database configuration. While it remains unclear whether malicious actors accessed the data before Wiz’s discovery, DeepSeek has since secured the exposed databases following Wiz’s report.
Beyond this security incident, DeepSeek faces additional concerns due to its location in China, where strict government data access policies raise privacy risks.
Additionally, the company recently struggled to fend off persistent cyberattacks, forcing it to suspend new user registrations for nearly 24 hours. The breach underscores the importance of robust cybersecurity in AI platforms handling sensitive user interactions and operational data.
