DeepSeek’s Database With Chat History and Sensitive Information Leaked, Says Cybersecurity Firm

A cybersecurity firm found a publicly accessible ClickHouse database belonging to DeepSeek that shows internal data.

Advertisement
Written by Akash Dutta, Edited by Siddharth Suvarna | Updated: 31 January 2025 19:45 IST
Highlights
  • The leaked data includes over a million lines of log streams
  • It is said to contain chat history, secret keys, and backend details
  • Recently, DeepSeek said that it was hit by a cyberattack
DeepSeek’s Database With Chat History and Sensitive Information Leaked, Says Cybersecurity Firm

The firm said the DeepSeek data could be accessed without any external authentication

Photo Credit: Reuters

DeepSeek's dataset might have suffered public exposure, claimed a cybersecurity research firm. As per a report, a publicly accessible ClickHouse database belonging to DeepSeek was discovered which allowed full control over its database operations. Additionally, the exposure is also said to contain a large volume of sensitive information including chat history, secret keys, log times, and backend details. It is unclear whether the firm reported the matter to the Chinese AI firm, and if the exposed dataset has been taken down.

DeepSeek's Dataset Might Have Suffered a Breach

In a blog post, cybersecurity firm Wiz Research revealed that it found a completely open and unauthenticated dataset that contained highly sensitive information about the DeepSeek platform. The exposed information is said to pose a potential risk to both the AI firm as well as the end users.

The cybersecurity firm claimed that it intended to assess DeepSeek's external security to identify any potential vulnerabilities, given the rising popularity of the AI platform. The researchers started by mapping any Internet-facing subdomains but did not find anything that could suggest a high-risk exposure.

However, after implementing new techniques, the researchers were able to detect two open ports (8123 and 9000) associated with multiple public hosts. Wiz Research claimed that these ports led them to a publicly exposed ClickHouse database which could be accessed without any authentication.

Advertisement

Notably, ClickHouse is an open-source, columnar database management system developed by Yandex. It is used for fast analytical queries and is often used by ethical hackers to scan the dark web for exposed data.

A log stream table in the dataset is claimed to contain more than one million log entries including timestamps with logs from January 6, references to multiple internal DeepSeek application programming interface (API) endpoints, as well as chat history, API Keys, backend details, and operational metadata in plain-text.

Advertisement

The researchers claimed that with this level of information, a bad actor could potentially exfiltrate passwords, local files, and proprietary information directly from the server. At the time of writing this, there was no update on whether this data exposure can be contained and whether the dataset can be taken offline.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Tecno Pova 7 5G, Pova 7 Pro 5G Launched in India: Price, Availability
  2. OTT Releases This Week: Kaalidhar Laapata, Thug Life, The Good Wife, and More
  3. Apple Plans to Launch M5-Powered MacBook Pro This Year: Report
  4. Here's How Much the Vivo X Fold 5 and Vivo X200 FE Might Cost in India
  5. Oppo Reno 14 Pro First Impressions
  6. The Good Wife OTT Release Date: When and Where to Watch it Online?
  7. iPhone 17 Pro Max Tipped to Get a Battery Upgrade Over Its Predecessor
  8. Samsung Galaxy Z Fold 7 Hands-On Images Suggest It Might Sport This Design
  9. Pebble Halo Smart Ring Launched in India With In-Built Digital Display
  10. Tecno Spark 40 Pro+, Spark 40 Pro and Spark 40 Launched: All Details
  1. EA Is Shutting Down BioWare's Anthem Next Year
  2. NxtQuantum Announced as India’s Home-Grown Mobile Operating System, to Debut on AI+ Pulse and Nova 5G
  3. Tecno Pova 7 5G, Pova 7 Pro 5G Launched in India With MediaTek Dimensity 7300 Ultimate SoC
  4. Google Pixel 6a Owners Eligible for $100 Cash or $150 Store Credit Under Battery Performance Programme
  5. Meta AI Chatbots Will Soon Send Users Proactive Follow-Up Messages to Boost Engagement: Report
  6. Android 16’s Live Updates to Show Active Navigation, Ongoing Phone Calls, and More on Lock Screen
  7. Helldivers 2 is Coming to Xbox Series S/X Next Month, Pre-Orders Now Live
  8. Vivo X Fold 5, Vivo X200 FE Price in India Leaked Ahead of Debut on July 14
  9. Samsung Galaxy Z Fold 7 Design Spotted in Leaked Hands-On Images Ahead of July 9 Launch
  10. iPhone 17 Pro Max Could Get a Battery Upgrade Over Its Predecessor; May ‘Reach’ 5,000mAh Capacity
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.