DeepSeek database found exposing millions of chat histories and other records to leaks

An investigation by security firm Wiz revealed that a database owned by AI company DeepSeek had a bug that allowed anyone to access it. DeepSeek has reportedly fixed the issue.
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
DeepSeek announced its inference model 'R1' in January 2024, surprising the world with its high performance and low development costs.
Chinese AI company releases OpenAI o1 equivalent inference model 'DeepSeek R1' under MIT license for commercial use and modification - GIGAZINE

As R1 became widely used, the security firm Wiz began investigating DeepSeek's security. They discovered that DeepSeek's database, built with the open source ClickHouse, had a vulnerability that allowed anyone with the necessary knowledge to access it and extract highly confidential information, such as user chat history and API private keys.
Wiz began by evaluating publicly accessible DeepSeek domains and identified approximately 30 domains hosting API documentation and chat services. While these domains did not pose any particular security concerns, Wiz expanded its search beyond standard HTTP ports (80/443) and discovered two unusual open ports (8123/9000). Further investigation revealed that these ports led to publicly accessible ClickHouse databases, accessible without authentication.
Leveraging ClickHouse's interface, Wiz was able to execute arbitrary SQL queries directly, displaying a full list of accessible datasets. One table that stood out was 'log_stream,' which contained highly sensitive data. Upon examining this table, Wiz discovered that it contained over one million logs, including DeepSeek API keys and chat history.
Additionally, it appears that an external user could have gained full control of a database within the DeepSeek environment without authentication, potentially escalating their privileges.
'This case poses a significant risk to both DeepSeek and its users. Not only could an attacker obtain sensitive logs and chat history, but they could also execute specific queries to exfiltrate local files along with user passwords,' Wiz said.
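For operators of their own ClickHouse servers, the condition described above (ports 8123/9000 reachable with no authentication) can be checked in the server's configuration. The following Python audit is an added example, not code from Wiz or DeepSeek; the sample XML is constructed, DeepSeek's actual configuration is not given in the article, and only password-style credentials are considered.

```python
import ipaddress
import xml.etree.ElementTree as ET

PASSWORD_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")
WILDCARD_HOSTS = {"::", "0.0.0.0"}

def public_ports(config_xml):
    """Return client ports (HTTP/native) served on a wildcard listen_host."""
    root = ET.fromstring(config_xml)
    hosts = {(h.text or "").strip() for h in root.findall("listen_host")}
    if not hosts & WILDCARD_HOSTS:
        return []
    found = (root.findtext(tag) for tag in ("http_port", "tcp_port"))
    return [int(text) for text in found if text]

def open_users(users_xml):
    """Return users that have no password and accept any source address."""
    flagged = []
    for user in ET.fromstring(users_xml).findall("users/*"):
        has_password = any((user.findtext(t) or "").strip() for t in PASSWORD_TAGS)
        nets = [(ip.text or "").strip() for ip in user.findall("networks/ip")]
        any_source = any(
            ipaddress.ip_network(n, strict=False).prefixlen == 0 for n in nets if n
        )
        if not has_password and any_source:
            flagged.append(user.tag)
    return flagged

def audit(config_xml, users_xml):
    """List every (user, port) pair reachable from anywhere without a password."""
    return [f"user '{u}' needs no password on public port {p}"
            for u in open_users(users_xml) for p in public_ports(config_xml)]

# Constructed sample configuration (not DeepSeek's): wildcard listener, open default user.
SAMPLE_CONFIG = """<clickhouse><listen_host>::</listen_host>
<http_port>8123</http_port><tcp_port>9000</tcp_port></clickhouse>"""
SAMPLE_USERS = """<clickhouse><users>
<default><password></password><networks><ip>::/0</ip></networks></default>
<app><password_sha256_hex>PLACEHOLDER_HASH</password_sha256_hex>
<networks><ip>10.0.0.0/8</ip></networks></app>
</users></clickhouse>"""
# Hardened variant: the same server bound to loopback only.
LOOPBACK_CONFIG = SAMPLE_CONFIG.replace("::", "127.0.0.1")

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_USERS):
        print(finding)
```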
This is not the first time Wiz has reported an AI-related security incident.
In 2023, it was reported that 30TB of sensitive information, including employee backups, was accessed from a repository of AI learning models published by Microsoft's AI research division.
Microsoft's AI research division revealed that 38TB of internal confidential data was leaked via Microsoft Azure - GIGAZINE

In 2024, a vulnerability was reported that could allow malicious AI models to be run on Hugging Face, allowing them to infiltrate the company's systems.
Security company warns that running untrusted AI models could lead to intrusions into systems - GIGAZINE

'No other technology in the world is being adopted at such a rapid pace, and many AI companies are rapidly becoming critical infrastructure providers without implementing basic security measures,' said Wiz. 'When it comes to AI security, many people focus on futuristic threats, but the real danger often comes from fundamental risks like accidental database exposure. These fundamental security risks should remain a top priority for security teams.'
in AI, Software, Web Service, Security, Posted by log1p_kr





