DeepSeek’s dataset may have been exposed to the public, according to a cybersecurity research firm. A report indicates that an openly accessible ClickHouse database belonging to DeepSeek was uncovered, which permitted complete control over its database activities. Furthermore, the exposure is said to include a significant amount of sensitive data such as chat history, secret keys, log timestamps, and backend information. It remains uncertain if the firm has notified the Chinese AI company about the issue, or if the exposed dataset has been removed.
DeepSeek’s Dataset Might Have Suffered a Breach
In a blog entry, the cybersecurity company Wiz Research disclosed that it discovered an entirely open and unauthenticated dataset containing highly sensitive details about the DeepSeek platform. The revealed information is reported to present a potential threat to both the AI firm and its end users.
The cybersecurity organization stated that it aimed to evaluate DeepSeek’s external security to pinpoint any possible vulnerabilities, considering the increasing popularity of the AI platform. The researchers initiated their work by mapping any internet-facing subdomains but did not encounter anything that might indicate a significant risk exposure.
Nevertheless, following the use of new techniques, the researchers managed to identify two open ports (8123 and 9000) linked to several public hosts. Wiz Research asserted that these ports directed them to a publicly exposed ClickHouse database that could be accessed without any form of authentication.
Importantly, ClickHouse is an open-source, columnar database management system created by Yandex. It is utilized for rapid analytical queries and is frequently employed by ethical hackers to probe the dark web for exposed information.
A log stream table within the dataset is reported to comprise over one million log entries, including timestamps from January 6, references to numerous internal DeepSeek application programming interface (API) endpoints, along with chat history, API Keys, backend information, and operational metadata presented in plain text.
The researchers asserted that with this level of access, a malicious actor could feasibly extract passwords, local files, and proprietary details directly from the server. At the time of writing, no update was available on whether this data exposure could be controlled or if the dataset could be taken offline.
