Due to an unsecured database, DeepSeek users’ chat history was accessible via the Internet. A malicious party did not need a password to do so. The issue has since been solved.
This is according to research by Wiz. The flaw was in a ClickHouse database. The sensitive information ended up on the street because a local host was open from the Internet. Malicious parties could, therefore, access the database’s internal data. It exposed more than a million lines of log streams, including chat history, API secrets, backend details and other sensitive information.
Although DeepSeek has solved the issue, it has damaged its reputation. Such a security blunder really shouldn’t occur in a widely available application. Following simple security, best practices prevent open databases.
Dangerous access without authentication
In response to DeepSeek’s rapid popularity, Wiz researchers decided to test the chatbot’s security. They claim the ClickHouse database connected to DeepSeek was found within minutes. The database was fully open and did not ask for authentication.
“This level of access posed a critical risk to DeepSeek’s own security and for its end-users,” Wiz said. “Not only an attacker could retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along propriety information directly from the server using queries.”
Wiz emphasizes that adopting these AI tools means entrusting sensitive information to startups. Security is often forgotten during rapid adoption when protecting customer data should be a priority. Therefore, Wiz recommends a collaboration between security teams and AI engineers to ensure visibility around architecture, tooling and models.
 
                        