DeepSeek Database Leaked – Full Control Over DB Secret keys, Logs & Chat History Exposed

A security vulnerability in DeepSeek, a prominent Chinese AI startup, exposed a publicly accessible ClickHouse database containing highly sensitive information, including over a million lines of log streams.

The breach, which included chat logs, API keys, backend details, and operational metadata, has raised alarms about the security practices of rapidly growing AI startups.

DeepSeek has recently garnered global attention for its flagship AI reasoning model, DeepSeek-R1, which is lauded for its cost-effectiveness and efficiency.


The company’s rapid ascent has placed it alongside industry giants like OpenAI in terms of performance. However, this incident underscores the challenges of maintaining robust security in the fast-moving AI industry.

The database, which was hosted on oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000, allowed unrestricted access, enabling unauthorized users to execute SQL queries and view sensitive internal data.

The exposed database, connected to DeepSeek’s backend services, contained over one million log entries.

“This level of access posed a critical risk to DeepSeek’s own security and for its end-users. Not only an attacker could retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along with proprietary information directly from the server using queries like: SELECT * FROM file('filename') depending on their ClickHouse configuration.”

Key details included chat history from the company’s AI chatbot, plaintext API keys, backend service metadata, and internal directories, all of which were stored in the log_stream table. This exposure posed a serious risk not only to DeepSeek but also to its end-users’ privacy and data security.

How the Breach Was Found

Researchers used standard reconnaissance techniques to map DeepSeek’s external attack surface, initially identifying approximately 30 subdomains.

While most subdomains appeared to be routine hosts for chatbot interfaces, status pages, and documentation, further investigation revealed two open ports (8123 and 9000) exposing the ClickHouse database on the following hosts:

  • http://oauth2callback.deepseek.com:8123  
  • http://dev.deepseek.com:8123  
  • http://oauth2callback.deepseek.com:9000  
  • http://dev.deepseek.com:9000 

ClickHouse is a widely used, open-source, columnar database designed for processing large datasets in real time. Its HTTP interface allowed Wiz researchers to access the /play path and execute SQL commands, revealing the full list of tables stored in the database.

Tables output from ClickHouse Web UI

Among these, the log_stream table stood out for containing highly sensitive data, including plaintext logs of conversations, API secrets, and backend service details.

The lack of authentication on the database not only allowed access to sensitive data but also provided full control over the database.

This could have enabled attackers to execute malicious commands, steal proprietary information, or even escalate privileges within DeepSeek’s environment.
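The exposure described above comes down to a ClickHouse server that listens on every interface while an account accepts logins with no password from any address. The following is an added example, not code from Wiz Research or DeepSeek: a configuration audit over constructed `config.xml` and `users.xml` samples. It assumes the standard ClickHouse element names (`listen_host`, `http_port`, `tcp_port`, `users`, `networks/ip`), checks only password-based authentication, and does not merge `config.d` overrides.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs (not DeepSeek's): a weak pair and a hardened pair.
WEAK_CONFIG = ("<clickhouse><listen_host>::</listen_host>"
               "<http_port>8123</http_port><tcp_port>9000</tcp_port></clickhouse>")
WEAK_USERS = ("<clickhouse><users><default><password></password>"
              "<networks><ip>::/0</ip></networks></default></users></clickhouse>")
HARD_CONFIG = ("<clickhouse><listen_host>127.0.0.1</listen_host>"
               "<http_port>8123</http_port></clickhouse>")
HARD_USERS = ("<clickhouse><users><default>"
              "<password_sha256_hex>CONSTRUCTED_PLACEHOLDER_HASH</password_sha256_hex>"
              "<networks><ip>10.0.0.0/8</ip></networks></default></users></clickhouse>")

PASSWORD_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")


def audit(config_xml, users_xml):
    """Return findings for one server's config.xml / users.xml pair."""
    findings = []
    cfg, usr = ET.fromstring(config_xml), ET.fromstring(users_xml)
    ports = [f"{t}={cfg.findtext(t)}" for t in ("http_port", "tcp_port")
             if cfg.findtext(t)]
    for host in cfg.findall("listen_host"):
        text = (host.text or "").strip()
        try:
            # "::" or "0.0.0.0" binds every interface, public ones included.
            if ipaddress.ip_address(text).is_unspecified:
                findings.append(
                    f"listens on all interfaces ({text}): {', '.join(ports)}")
        except ValueError:
            pass  # hostnames are outside the scope of this check
    for user in usr.findall("users/*"):
        creds = [user.findtext(t) for t in PASSWORD_TAGS if user.find(t) is not None]
        if not any(c and c.strip() for c in creds):
            findings.append(f"user '{user.tag}' has no password")
        for ip in user.findall("networks/ip"):
            text = (ip.text or "").strip()
            try:
                # A /0 prefix admits clients from any source address.
                if ipaddress.ip_network(text, strict=False).prefixlen == 0:
                    findings.append(f"user '{user.tag}' allowed from any address ({text})")
            except ValueError:
                pass
    return findings


if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG, WEAK_USERS):
        print("FINDING:", finding)
```
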

“An attacker with access to this database could exploit it to retrieve plaintext passwords, sensitive server data, and other confidential information,” Wiz Research stated. While the team refrained from executing intrusive queries, in keeping with ethical research practices, they highlighted the critical nature of the security lapse.

After discovering the vulnerability, Wiz Research promptly informed DeepSeek, which quickly secured the exposed database and addressed the issue. The company has not yet released an official comment on the incident.

This incident highlights the significant risks associated with the rapid adoption of AI technologies. While attention is often focused on futuristic AI threats, such as model manipulation or adversarial attacks, this breach underscores the importance of addressing fundamental security risks—like the accidental exposure of sensitive infrastructure.

“As organizations race to adopt AI, the security frameworks designed to safeguard sensitive data are often overlooked,” said a spokesperson for Wiz Research. “This incident serves as a wake-up call for the entire industry.”

The DeepSeek database breach is a stark reminder of the critical importance of security in the AI space. As AI technologies become deeply embedded in businesses worldwide, startups and established companies alike must prioritize building secure infrastructures.

Without proper safeguards, sensitive user data and proprietary information remain at risk, threatening individual companies and the broader trust in AI ecosystems.


Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.