Wiz uncovers DeepSeek data leak: Over a million sensitive logs, including chat history, exposed


New York-based cloud security startup Wiz announced that it has identified a publicly accessible ClickHouse database belonging to DeepSeek that granted full control over database operations, including access to internal data.

This exposure contains over a million lines of log streams with sensitive information, such as chat histories, secret keys, and backend details. The Wiz Research team responsibly disclosed this issue to DeepSeek, which promptly took action to secure the exposed data.

Developed by Yandex, ClickHouse is an open-source, columnar database management system designed for fast analytical queries on large datasets. It is used for real-time data processing, log storage, and big data analytics, making it a valuable and sensitive tool.

Based out of Hangzhou, China, DeepSeek is an AI company that has launched the DeepSeek-R1 reasoning model, rivalling OpenAI’s o1 in performance and cost-efficiency.

Wiz uncovered ClickHouse database

During its external security posture assessment of DeepSeek, the US company claims to have found a publicly accessible ClickHouse database linked to DeepSeek that was completely open and unauthenticated, exposing sensitive data.

“It was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000,” says Wiz in its blog. 

This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details. 

According to Wiz, the exposure provided complete control over the database and the possibility of privilege escalation within the DeepSeek environment, with no authentication or protective measures against outside threats. 

Wiz began their reconnaissance by examining the publicly available domains of DeepSeek. 

Utilising both passive and active techniques, they identified approximately 30 internet-facing subdomains. Most subdomains appeared harmless, including the chatbot interface, status page, and API documentation.

However, when they expanded their search beyond standard HTTP ports (80 and 443), they discovered two unusual open ports (8123 and 9000) on the following hosts:

– http://oauth2callback.deepseek.com:8123  

– http://dev.deepseek.com:8123  

– http://oauth2callback.deepseek.com:9000  

– http://dev.deepseek.com:9000  

“This level of access posed a critical risk to DeepSeek’s own security and for its end-users. Not only could an attacker retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along with proprietary information directly from the server using queries like: SELECT * FROM file('filename') depending on their ClickHouse configuration,” says the company.
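An added example, not from Wiz or the original article: a Python check a defender could run over their own ClickHouse configuration for the condition described above, a server listening on all interfaces with a passwordless user. The XML is constructed sample data using ClickHouse's standard listen_host, http_port, tcp_port, password and networks settings; the audit function and its severity labels are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs (not DeepSeek's): a server listening on every
# interface with a passwordless "default" user reachable from any address.
SERVER_XML = """<clickhouse>
  <listen_host>::</listen_host>
  <http_port>8123</http_port>
  <tcp_port>9000</tcp_port>
</clickhouse>"""
USERS_XML = """<clickhouse><users>
  <default><password></password><networks><ip>::/0</ip></networks></default>
  <ingest><password_sha256_hex>PLACEHOLDER_HASH</password_sha256_hex>
    <networks><ip>10.0.0.0/8</ip></networks></ingest>
</users></clickhouse>"""

WILDCARD_HOSTS = {"::", "0.0.0.0"}
HASH_FIELDS = ("password_sha256_hex", "password_double_sha1_hex")

def is_any_network(cidr):
    """True when a <networks><ip> entry admits every address."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # hostnames or malformed entries are not treated as "any"

def audit(server_xml, users_xml):
    """Return findings for wildcard listeners and users without a password.
    Simplification: LDAP, Kerberos and certificate users are not modelled."""
    findings = []
    server = ET.fromstring(server_xml)
    hosts = {(h.text or "").strip() for h in server.findall("listen_host")}
    exposed = bool(hosts & WILDCARD_HOSTS)
    if exposed:
        ports = [server.findtext(p) for p in ("http_port", "tcp_port")]
        findings.append(f"listens on all interfaces, ports {ports}")
    for user in ET.fromstring(users_xml).find("users"):
        has_hash = any((user.findtext(f) or "").strip() for f in HASH_FIELDS)
        has_pw = bool((user.findtext("password") or "").strip())
        open_net = any(is_any_network((ip.text or "").strip())
                       for ip in user.findall("networks/ip"))
        if not (has_hash or has_pw):
            sev = "CRITICAL" if exposed and open_net else "HIGH"
            findings.append(f"{sev}: user '{user.tag}' has no password")
        elif open_net:
            findings.append(f"MEDIUM: user '{user.tag}' allowed from any address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER_XML, USERS_XML)))
```

Binding listen_host to a private address lowers the finding from CRITICAL to HIGH, but the passwordless user is still reported until a credential is set.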


Vigneshwar Ravichandran

Vigneshwar has been a News Reporter at Silicon Canals since 2018. A seasoned technology journalist with almost a decade of experience, he covers the European startup ecosystem, from AI and Web3 to clean energy and health tech. Previously, he was a content producer and consumer product reviewer for leading Indian digital media, including NDTV, GizBot, and FoneArena. He graduated with a Bachelor's degree in Electronics and Instrumentation in Chennai and a Diploma in Broadcasting Journalism in New Delhi.
