Security researchers at Wiz Research have uncovered a significant vulnerability in DeepSeek's infrastructure. The vulnerability exposes sensitive data, including chat histories and API keys, through an unsecured database.
The Chinese AI startup, trending on the internet for its DeepSeek-R1 reasoning model, left a ClickHouse database publicly accessible without authentication requirements.
The exposed database, discovered in January 2025, contained over one million log entries with highly sensitive information.
The vulnerability was found on two domains — oauth2callback.deepseek.com and dev.deepseek.com — operating on ports 8123 and 9000. These domains allow unrestricted access to internal data through the database's HTTP interface.
"We found a publicly accessible ClickHouse database linked to DeepSeek, completely open and unauthenticated, exposing sensitive data."- Wiz wrote, "This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details."
"The exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defense mechanism to the outside world."
The security flaw enabled potential access to chat histories, API secrets, backend details, and operational metadata. More critically, the exposure allowed full database control and could have enabled privilege escalation within DeepSeek's environment. The researchers found that unauthorized users could potentially execute arbitrary SQL queries through the database's /play path.
Following responsible disclosure protocols, Wiz Research immediately notified DeepSeek of the vulnerability, which the company promptly addressed by securing the database.
Wiz Research is not alone in finding flaws in DeepSeek. Yesterday, X users @h4x0r_dz claimed to discover a critical vulnerability that could allow attackers to access your database exposing sensitive data including API KEYS. This may be another exposed API or database or an SQLi vulnerability. The user has confirmed that DeepSeek has fixed the issue, but the authenticity of the claim is yet to be verified.
The @deepseek_ai team fixed the vulnerability https://t.co/fqFiCyWfVZ
— H4x0r.DZ (@h4x0r_dz) January 29, 2025
The exposure is particularly noteworthy given DeepSeek's position as a rising competitor to leading AI systems. It underscores the crucial need for AI companies to implement robust security frameworks as they handle increasingly sensitive user data.
The researchers emphasize that as AI technology becomes more deeply integrated into business operations worldwide, companies must prioritize security practices on par with established cloud and infrastructure providers. This incident serves as a reminder that rapid technological advancement must be balanced with strong security measures to protect user data.