Summary

Chinese AI company DeepSeek exposed a publicly accessible, unauthenticated database containing over a million unencrypted chat logs, API keys, and other sensitive data.

Security researchers at Wiz discovered the exposure and alerted DeepSeek, which promptly took the database offline.

It’s unclear how long the data was exposed or if others accessed it before Wiz.

DeepSeek, which gained viral popularity since its December launch, has not commented.

  • Corngood · 6 upvotes · 1 day ago

    It wasn’t at rest according to the blog post:

    we found a publicly accessible ClickHouse database linked to DeepSeek, completely open and unauthenticated, exposing sensitive data. It was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000.

    So probably either a service that was meant to be bound on loopback or a firewall issue.

    I guess that shows how dangerous it is to have something secured by the ‘nobody should be able to access this port’ method.
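As an added illustration of the comment's point (example code written for this page, not from Wiz, DeepSeek, or the commenter), the script below audits ClickHouse-style config.xml and users.xml fragments for the two settings that together produce "open and unauthenticated on port 9000": a listen_host that is not loopback, and a user with no password who is allowed from ::/0. The sample configs are constructed; they are modelled on the upstream ClickHouse config layout, and the assumption that a missing listen_host means loopback-only and that an empty <password> on the default user is the upstream sample default is noted in the comments. The third case, loopback binding with an unauthenticated default user, is the "nobody should be able to access this port" setup: the audit still flags it, because a later firewall or binding change is all that separates it from the exposed case.

```python
"""Audit ClickHouse config.xml / users.xml fragments for network exposure without authentication."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample fragments (not DeepSeek's configs), modelled on the upstream ClickHouse layout.
WEAK_CONFIG = """<clickhouse>
  <listen_host>0.0.0.0</listen_host>
  <tcp_port>9000</tcp_port>
  <http_port>8123</http_port>
</clickhouse>"""

# Assumption: an empty <password> plus <ip>::/0</ip> for 'default' mirrors the upstream sample users.xml.
WEAK_USERS = """<clickhouse>
  <users>
    <default>
      <password></password>
      <networks><ip>::/0</ip></networks>
    </default>
  </users>
</clickhouse>"""

LOOPBACK_CONFIG = """<clickhouse>
  <listen_host>127.0.0.1</listen_host>
  <listen_host>::1</listen_host>
  <tcp_port>9000</tcp_port>
  <http_port>8123</http_port>
</clickhouse>"""

# Placeholder digest (64 zero nibbles), not a real password hash.
HARDENED_USERS = """<clickhouse>
  <users>
    <default>
      <password_sha256_hex>0000000000000000000000000000000000000000000000000000000000000000</password_sha256_hex>
      <networks><ip>127.0.0.1</ip><ip>::1</ip></networks>
    </default>
  </users>
</clickhouse>"""

LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}
PASSWORD_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")
EXTERNAL_AUTH_TAGS = ("ldap", "kerberos", "ssl_certificates")


def _has_credential(user: ET.Element) -> bool:
    """A user is authenticated if it has a non-empty password element or an external auth block."""
    if any((user.findtext(tag) or "").strip() for tag in PASSWORD_TAGS):
        return True
    return any(user.find(tag) is not None for tag in EXTERNAL_AUTH_TAGS)


def _is_world(network: str) -> bool:
    """True for ::/0 or 0.0.0.0/0; hostnames and <host_regexp> entries are not modelled here."""
    try:
        return ipaddress.ip_network(network, strict=False).prefixlen == 0
    except ValueError:
        return False


def audit(config_xml: str, users_xml: str) -> list[str]:
    """Return human-readable findings; a CRITICAL entry means unauthenticated access from the network."""
    findings: list[str] = []
    cfg = ET.fromstring(config_xml)
    # Assumption (per upstream docs): no <listen_host> at all means ClickHouse listens on localhost only.
    hosts = [h.text.strip() for h in cfg.findall("listen_host") if h.text]
    exposed = [h for h in hosts if h not in LOOPBACK_HOSTS]
    if exposed:
        findings.append(
            f"listen_host={exposed}: native port {cfg.findtext('tcp_port')} and "
            f"HTTP port {cfg.findtext('http_port')} are reachable from the network"
        )

    open_users: list[str] = []
    users = ET.fromstring(users_xml).find("users")
    for user in ([] if users is None else list(users)):
        if _has_credential(user):
            continue
        nets = [ip.text.strip() for ip in user.findall("networks/ip") if ip.text]
        world = any(_is_world(n) for n in nets)
        findings.append(f"user '{user.tag}' has no password" + (" and is allowed from any network" if world else ""))
        if world:
            open_users.append(user.tag)

    # The Wiz scenario is the conjunction: reachable from outside AND a passwordless user allowed from ::/0.
    if exposed and open_users:
        findings.append(f"CRITICAL: unauthenticated access from the network as {open_users}")
    return findings


if __name__ == "__main__":
    for label, cfg, usr in (
        ("exposed + no auth", WEAK_CONFIG, WEAK_USERS),
        ("loopback only, no auth", LOOPBACK_CONFIG, WEAK_USERS),
        ("loopback + password + network allowlist", LOOPBACK_CONFIG, HARDENED_USERS),
    ):
        print(f"{label}: {audit(cfg, usr) or ['no findings']}")
```

The loopback-plus-no-password case yields one finding and no CRITICAL line: it is safe only for as long as the binding and every firewall in front of it stay exactly as they are, which is the fragility the comment describes. Setting a password on the default user and restricting its networks turns the binding into one layer rather than the only one.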