DeepSeek's data breach reportedly exposed 1 million log entries
DeepSeek's arrival triggered so much panic in the US
Key notes
- DeepSeek, a popular Chinese AI startup, experienced a data breach, exposing over 1 million log entries.
- A vulnerable ClickHouse database was left exposed, granting unauthorized access to sensitive data like chat history, API secrets, and backend details.
- The breach, which allowed SQL queries to be executed, was secured, but it’s unclear if malicious actors exploited the leak.
DeepSeek, a popular Chinese AI startup that broke into the US market with its models, has recently experienced a data breach that analysts estimate exposed over 1 million log entries.
Researchers at Wiz said that one of DeepSeek’s ClickHouse databases was left exposed on the internet. The vulnerable database allowed unauthorized access to sensitive data, including over a million log entries, chat history, API secrets, backend details, and operational metadata.
The exposed database, as confirmed by security experts, was hosted on publicly accessible servers without any authentication. An attacker could potentially have gained full control over the database and even escalated privileges within DeepSeek’s environment.
The database, found at oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000, provided access to plaintext logs and metadata, including sensitive information such as chat history, secret keys, and directory structures.
Wiz researchers then discovered that the vulnerability allowed direct execution of arbitrary SQL queries via the ClickHouse HTTP interface, enabling attackers to exfiltrate sensitive data.
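As an added illustration, not code from this article or from Wiz, the following Python audit reads a ClickHouse users.xml and flags the two settings that together produce exactly this condition: an account with no password that accepts connections from any source address. Both sample configurations are constructed for the example, and the hash value in the hardened one is a placeholder.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a stock-style users.xml whose default account has no
# password and may connect from any IPv4/IPv6 address. Anyone who can reach
# the HTTP or native port can run SQL as this account.
WEAK_USERS_XML = """<clickhouse>
  <users>
    <default>
      <password></password>
      <networks><ip>::/0</ip></networks>
      <profile>default</profile>
    </default>
  </users>
</clickhouse>"""

# Constructed sample: the hardened equivalent. The account has a hashed
# password (placeholder value) and may only connect from an internal range.
HARDENED_USERS_XML = """<clickhouse>
  <users>
    <default>
      <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
      <networks><ip>10.0.0.0/8</ip></networks>
      <profile>default</profile>
    </default>
  </users>
</clickhouse>"""

ANY_ADDRESS = ("::/0", "0.0.0.0/0")
SECRET_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")


def audit_users_xml(xml_text: str) -> list[str]:
    """Return one finding per account that would permit unauthenticated or
    network-wide SQL execution; an empty list means nothing was flagged."""
    findings = []
    root = ET.fromstring(xml_text)
    for user in root.findall("./users/*"):
        name = user.tag
        # Any non-empty credential element counts as "a password is set".
        has_secret = any(
            (el.text or "").strip() for el in (user.find(t) for t in SECRET_TAGS) if el is not None
        )
        if not has_secret:
            findings.append(f"{name}: no password configured")
        ips = [ip.text.strip() for ip in user.findall("./networks/ip") if ip.text]
        # A missing <networks> block is treated as unrestricted here (assumption).
        if not ips or any(ip in ANY_ADDRESS for ip in ips):
            findings.append(f"{name}: reachable from any source address")
    return findings
```

Restricting `listen_host` in config.xml to internal interfaces is a separate control and is not checked by this audit.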
It remains unclear whether any malicious actors exploited the leak before it was secured. You can read the full research here, but it’s quite technical.
This incident comes as DeepSeek has been making waves in the AI industry with its cost-effective and efficient models, such as its reasoning model R1, which rivals those of leading AI systems like OpenAI.
DeepSeek claimed that its open-source models were developed using older Nvidia H100 GPUs and just $6 million, which is a huge deal, especially at times when developing an AI could break the bank. But not too long after its launch, the company temporarily limited user registrations due to large-scale malicious attacks and a major outage affecting its API and web chat.