DeepSeek, the latest AI chatbot provider out of China, has quickly come under scrutiny from cybersecurity experts who recently found an infrastructure vulnerability relating to the firm’s AI database.
Researchers from cloud security firm Wiz uncovered an exposed database leaking sensitive data including chat histories, API keys and backend operational details.
The Wiz Research team disclosed the issue to DeepSeek and the Chinese firm promptly secured the exposure.
Wiz shared its findings in a January 29 report.
DeepSeek Sensitive Input Information Exposed
The exposed DeepSeek database was a ClickHouse setup. ClickHouse is a column-oriented database management system designed for online analytical processing (OLAP) when handling large volumes of data.
While DeepSeek released its R1 reasoning LLM, Wiz analyzed the Chinese startup’s external security posture and searched for potential vulnerabilities.
The research team quickly identified a publicly accessible ClickHouse database, completely open and unauthenticated, hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000.
Typically, a ClickHouse database should only be accessible internally by the firm using it.
Using ClickHouse’s HTTP interface, Wiz accessed the /play path, which allowed direct execution of arbitrary SQL queries via a web browser. A simple SHOW TABLES; query returned a complete list of accessible datasets.
The database held a substantial amount of chat history, backend data and sensitive information, such as log streams, API keys and operational details.
No tags.
