Introduction
DeepSeek [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13], a Chinese generative AI platform [9], recently faced a significant security breach due to an exposed backend database. This incident highlights the vulnerabilities associated with rapidly adopting AI technologies without adequate security measures.
Description
DeepSeek encountered a significant security vulnerability involving an exposed backend database that leaked sensitive information, including user chat histories [6] [10] [11], API keys [4] [6] [7] [8] [10] [11] [12] [13], and operational details [2] [4] [5] [6] [7] [10] [12], to the internet [9] [11]. This misconfigured ClickHouse database, discovered by cybersecurity researchers from Wiz during routine reconnaissance, was publicly accessible and contained over a million unencrypted records, including system logs and user prompt submissions [9]. Wiz noted that the database was easily discoverable, with researchers stating it was “at the front door,” requiring no extensive scanning to find. Wiz was able to interact with the database through ClickHouse’s HTTP interface [3], revealing accessible datasets [3] [5], including a “log_stream” table with sensitive information [3]. The database [2] [3] [5] [7] [8] [9] [10] [11] [12] [13], hosted on two subdomains—oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000—required no authentication, allowing unrestricted access to its contents [10] [11]. Wiz identified unusual open ports, specifically 8123 and 9000, which led to two unauthenticated ClickHouse database instances [4], enabling full control over sensitive internal data.
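The check below is an added example, not code from Wiz's report or the cited articles: a defender-side audit of a ClickHouse server's own configuration for the two conditions described above, a listener bound to all interfaces and a user that requires no password. The sample config.xml and users.xml contents are constructed, and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs for illustration (not DeepSeek's actual files).
SERVER_XML = """<clickhouse>
  <listen_host>0.0.0.0</listen_host>
  <http_port>8123</http_port>
  <tcp_port>9000</tcp_port>
</clickhouse>"""
USERS_XML = """<clickhouse><users>
  <default>
    <password></password>
    <networks><ip>::/0</ip></networks>
  </default>
  <ingest>
    <password_sha256_hex>PLACEHOLDER_HASH</password_sha256_hex>
    <networks><ip>10.0.0.0/8</ip></networks>
  </ingest>
</users></clickhouse>"""

# Password-based settings only; users on LDAP, Kerberos or certificate
# auth would need their own check (simplifying assumption).
CRED_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")

def wildcard_listen(host):
    """True for 0.0.0.0 or ::, i.e. a listener bound to every interface."""
    try:
        return ipaddress.ip_address(host.strip()).is_unspecified
    except ValueError:
        return False  # hostname or empty value: not judged here

def any_network(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. a user allowed from any address."""
    try:
        return ipaddress.ip_network(cidr.strip(), strict=False).prefixlen == 0
    except ValueError:
        return False

def audit(server_xml, users_xml):
    findings = []
    server = ET.fromstring(server_xml)
    if any(wildcard_listen(h.text or "") for h in server.findall("listen_host")):
        ports = [server.findtext(t) for t in ("http_port", "tcp_port")]
        findings.append(("server", "listens on all interfaces, ports "
                         + ",".join(p for p in ports if p)))
    for user in ET.fromstring(users_xml).findall("users/*"):
        if not any((user.findtext(t) or "").strip() for t in CRED_TAGS):
            findings.append((user.tag, "no password set"))
        if any(any_network(n.text or "") for n in user.findall("networks/ip")):
            findings.append((user.tag, "reachable from any address"))
    return findings
```

Calling audit(SERVER_XML, USERS_XML) on the constructed files reports the wildcard listener on ports 8123 and 9000 and both problems with the default user, while the restricted ingest user produces no finding.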
Among the exposed information were logs of user interactions with DeepSeek’s large language models, DeepSeek-R1-Zero and DeepSeek-R1 [8], as well as API keys that could grant unauthorized access to internal services [4]. The database also contained extensive logs with plaintext chat messages, primarily in Chinese [11], which were easily translatable [11], along with operational metadata [7] [9]. This poses critical risks [7] [8], as attackers could potentially exfiltrate sensitive information [7], including passwords and local files, directly from the server [7]. The open web interface further enabled privilege escalation, allowing unauthorized retrieval of sensitive logs and chat messages.
Following the disclosure of the issue, DeepSeek promptly secured the exposure within half an hour, mitigating immediate risks to its AI products [12]. However, it remains unclear if any unauthorized access occurred prior to the lockdown or how long the database was exposed [9]. The incident underscores the challenges of securing generative AI systems [12], particularly regarding accidental external exposure of databases [12]. Wiz published its findings in a report dated January 29 [6], emphasizing that the rapid adoption of AI services without adequate security measures presents inherent risks [7] [8]. IT professionals are cautioned against hastily adopting new AI products without thorough vetting [12], as this can expose sensitive data to untested systems [12].
Wiz’s CTO [5], Ami Luttwak [5], underscored the severity of the oversight, indicating that the service is not yet mature enough to handle sensitive data safely [5]. The industry must recognize the importance of enforcing security measures comparable to those required for major infrastructure providers as AI becomes more integrated into business operations [7]. Additionally, concerns have been raised regarding DeepSeek’s privacy policy [4], which confirms that all user interactions are stored on servers in China [4], increasing the risk of government access under local data-sharing laws [4]. The exposure has raised alarms regarding cybersecurity in the AI sector [9], with independent security experts highlighting the risks associated with operational data being accessible to anyone online [9]. DeepSeek has already faced large-scale malicious attacks that disrupted its services [8], underscoring the urgency to secure its infrastructure and services [8].
To address data privacy concerns [12], organizations are advised to consider self-hosted models, implement strict access controls [12], data encryption [12], and network segmentation [12], while maintaining visibility and governance over their AI systems to analyze various risks [12], including exposure of sensitive data and vulnerabilities in AI SDKs [12]. The US Navy has also issued warnings to its personnel against using DeepSeek’s services due to potential security and ethical concerns [9], further emphasizing the need for robust security measures in the rapidly evolving AI landscape. Moreover, Kela [10], an Israeli cybersecurity firm [10], has noted that DeepSeek’s R1 model is significantly more vulnerable to being jailbroken compared to OpenAI’s ChatGPT [10], enabling the generation of malicious outputs [10], including ransomware development and instructions for creating harmful substances [10]. This highlights the critical need for AI companies to prioritize security practices as they rapidly grow and integrate into critical infrastructure [10].
As DeepSeek’s AI assistant gains significant traction [2], surpassing OpenAI’s ChatGPT in downloads on the Apple App Store [2], concerns have been raised by tech giants like Microsoft and OpenAI regarding the sustainability of DeepSeek’s business model and its potential reliance on proprietary technology from OpenAI.
Conclusion
The DeepSeek security breach underscores the critical need for robust security measures in the rapidly evolving AI landscape. Organizations must prioritize data privacy and implement comprehensive security protocols to mitigate risks. The incident serves as a cautionary tale for the AI industry, emphasizing the importance of securing sensitive data and ensuring the maturity of AI services before widespread adoption.
References
[1] https://economictimes.indiatimes.com/tech/artificial-intelligence/sensitive-deepseek-data-exposed-to-web-cyber-firm-wiz-report/articleshow/117716267.cms
[2] https://english.mathrubhumi.com/news/world/chinese-startup-deepseek-sensitive-data-breach-wiz-report-1.10297432
[3] https://www.digitaltrends.com/computing/leaky-deepseek-database-discovered/
[4] https://cyberinsider.com/deepseek-ai-exposed-over-1m-chat-history-logs-and-api-keys/
[5] https://arstechnica.com/security/2025/01/report-deepseeks-chat-histories-and-internal-data-were-publicly-exposed/
[6] https://www.infosecurity-magazine.com/news/deepseek-database-leaks-sensitive/
[7] https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
[8] https://www.techtarget.com/searchSecurity/news/366618594/Wiz-reveals-DeepSeek-database-exposed-API-keys-chat-histories
[9] https://www.wired.com/story/exposed-deepseek-database-revealed-chat-prompts-and-internal-data/
[10] https://cyberscoop.com/deepseek-ai-security-issues-wiz-research/
[11] https://techcrunch.com/2025/01/30/deepseek-exposed-internal-database-containing-chat-histories-and-sensitive-data/
[12] https://www.techrepublic.com/article/deepseek-wiz-research-database-leak/
[13] https://www.engadget.com/ai/security-researchers-found-a-big-hole-in-deepseeks-security-163536961.html




