DeepSeek Exposed Database Leaks Sensitive Data
DeepSeek, the latest AI chatbot provider out of China, has quickly come under scrutiny from cybersecurity experts who recently found an infrastructure vulnerability relating to the firm’s AI database.
Researchers from cloud security firm Wiz uncovered an exposed database leaking sensitive data including chat histories, API keys and backend operational details.
The Wiz Research team disclosed the issue to DeepSeek and the Chinese firm promptly secured the exposure.
Wiz shared its findings in a January 29 report.
DeepSeek Sensitive Input Information Exposed
The exposed DeepSeek database was a ClickHouse setup. ClickHouse is a column-oriented database management system designed for online analytical processing (OLAP) over large volumes of data.
As DeepSeek released its R1 reasoning LLM, Wiz analyzed the Chinese startup’s external security posture and searched for potential vulnerabilities.
The research team quickly identified a publicly accessible ClickHouse database, completely open and unauthenticated, hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000.
Typically, a ClickHouse database should only be accessible internally by the firm using it.
Using ClickHouse’s HTTP interface, Wiz accessed the /play path, which allowed direct execution of arbitrary SQL queries via a web browser. A simple SHOW TABLES; query returned a complete list of accessible datasets.
The database held a substantial amount of chat history, backend data and sensitive information, such as log streams, API keys and operational details.
Additionally, the exposure allowed complete control over the database and potential privilege escalation within the DeepSeek environment, all without any authentication or defense mechanisms to protect it from external access.
“Not only could an attacker retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along with proprietary information directly from the server using queries like: SELECT * FROM file('filename') depending on their ClickHouse configuration,” the Wiz researchers noted.
Wiz refrained from executing intrusive queries and limited actions to enumeration only.
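The exposure described above comes down to a database that listens on a public interface and accepts a user with no password from any address. The following is an added example, not code from Wiz or DeepSeek: a small audit of a ClickHouse XML configuration for those settings, using constructed sample configs (the `EXPOSED` and `HARDENED` documents and the `audit` function are assumptions made for illustration).

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs (not DeepSeek's); server and user settings are
# merged into one document here for brevity.
EXPOSED = """<clickhouse>
  <listen_host>0.0.0.0</listen_host>
  <users><default>
    <password></password>
    <networks><ip>::/0</ip></networks>
  </default></users>
</clickhouse>"""

HARDENED = """<clickhouse>
  <listen_host>127.0.0.1</listen_host>
  <users><default>
    <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
    <networks><ip>10.0.0.0/8</ip></networks>
  </default></users>
</clickhouse>"""


def is_any_network(text):
    """True if an <ip> entry admits every address (prefix length 0)."""
    try:
        return ipaddress.ip_network(text.strip(), strict=False).prefixlen == 0
    except ValueError:  # hostnames or malformed entries are not judged here
        return False


def audit(xml_text):
    """Return findings that together leave a server open without authentication."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.findall("listen_host"):
        if (host.text or "").strip() in {"0.0.0.0", "::"}:
            findings.append(f"listen_host {host.text.strip()} binds all interfaces")
    for user in root.findall("users/*"):
        pw = user.find("password")
        if pw is not None and not (pw.text or "").strip():
            findings.append(f"user {user.tag}: empty password")
        for ip in user.findall("networks/ip"):
            if is_any_network(ip.text or ""):
                findings.append(f"user {user.tag}: reachable from any address")
    return findings
```

Run against the merged server and user configuration of each instance, any non-empty result marks a server that should be fixed before it is reachable from outside the internal network.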
Data Privacy Concerns Surrounding DeepSeek’s LLMs
The researchers concluded their report by emphasizing that while AI security often focuses on futuristic threats, it should not overlook current dangers.
These often stem from basic risks, such as the accidental external exposure of databases.
The Wiz findings come as DeepSeek and its LLMs are increasingly raising data privacy concerns across Western countries, with the White House and the Italian Data Protection Authority already investigating the Chinese startup.
On January 29, another Chinese tech company, Alibaba, released a new LLM, Qwen 2.5-Max, that it claims outperforms DeepSeek’s AI models.