New York-based cloud security startup Wiz, announced that it has identified a publicly accessible ClickHouse database belonging to DeepSeek, granting full control over database operations, including access to internal data.Â
This exposure contains over a million lines of log streams with sensitive information, such as chat histories, secret keys, and backend details. The Wiz Research team responsibly disclosed this issue to DeepSeek, which promptly took action to secure the exposed data.
Developed by Yandex, ClickHouse is an open-source, columnar database management system designed for fast analytical queries on large datasets. It is used for real-time data processing, log storage, and big data analytics, making it a valuable and sensitive tool.
Based out of Hangzhou, China, DeepSeek is an AI company that has launched the DeepSeek-R1 reasoning model, rivalling OpenAI’s o1 in performance and cost-efficiency.
Wiz uncovered ClickHouse database
During the external security posture assessment of DeepSeek, the US company claims to have found a publicly accessible ClickHouse database linked completely open and unauthenticated, exposing sensitive data.
“It was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000,” says Wiz in its blog.
This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details.
According to Wiz, the exposure provided complete control over the database and the possibility of privilege escalation within the DeepSeek environment, with no authentication or protective measures against outside threats.
Wiz began their reconnaissance by examining the publicly available domains of DeepSeek.
Utilising both passive and active techniques, they identified approximately 30 internet-facing subdomains. Most subdomains appeared harmless, including the chatbot interface, status page, and API documentation.
However, when they expanded their search beyond standard HTTP ports (80 and 443), they discovered two unusual open ports (8123 and 9000) on the following hosts:
– http://oauth2callback.deepseek.com:8123
– http://dev.deepseek.com:8123
– http://oauth2callback.deepseek.com:9000
– http://dev.deepseek.com:9000
“This level of access posed a critical risk to DeepSeek’s own security and for its end-users. Not only an attacker could retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along propriety information directly from the server using queries like: SELECT * FROM file(‘filename’) depending on their ClickHouse configuration,” says the company.
01
From employee advocacy to social selling: Oktopost founder Daniel Kushner on the future of B2B marketing