Image by File Santilàn, from Unsplash
DeepSeek Data Breach: 1 Million Logs, Chat History, And Keys Exposed
Reading time: 2 min
Posted on Jan 31, 2025
-
![Kiara Fabbri]()
-
![Justyn Newman]()
Fact-Checked by Justyn Newman Lead Cybersecurity Editor
A publicly accessible database belonging to the Chinese AI company DeepSeek has been found leaking sensitive information, including private chat history and secret keys.
In a Rush? Here are the Quick Facts!
- Over one million lines of sensitive data, including chat history and API keys, were exposed.
- The database used ClickHouse, an open-source data management system, for real-time processing.
- Wiz Research alerted DeepSeek, which secured the exposure after being informed.
Researchers from Wiz Research discovered that the exposed database could be accessed by anyone without any authentication, making it vulnerable to potential security breaches.
DeepSeek, known for its innovative AI models, particularly the cost-effective DeepSeek-R1 reasoning model, recently gained attention in the AI industry for its impressive performance.
However, Wiz Research’s investigation revealed a concerning security flaw that allowed full access to DeepSeek’s database, which included more than a million lines of sensitive log data.
The database, hosted at two addresses—oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000—was discovered through a routine security check of the company’s publicly facing websites.
The database was running on an open-source system called ClickHouse, which is commonly used for fast data processing. Unfortunately, this made the data highly accessible and easy to exploit for anyone with technical knowledge.
Among the sensitive information exposed in the database were logs of user chat history, API keys, backend data, and even internal operational details. These logs included personal information, plain-text chat messages, and data about DeepSeek’s internal systems.
This kind of data could have been used by attackers to access user accounts, steal passwords, or tamper with the company’s operations.
While Wiz Research immediately reported the exposure to DeepSeek, the company took swift action to secure the vulnerability. The incident highlights the ongoing risk that many AI companies face as they rapidly scale their services without fully addressing security concerns.
Wiz Research’s discovery serves as a reminder that, while AI technologies continue to advance, the infrastructure supporting them must also be secured. As AI companies grow and handle more sensitive data, the industry needs to ensure that proper security measures are in place to protect users and their information from exposure.
Previous Story
Latest articles 
Leave a Comment
Cancel