Chinese AI startup DeepSeek exposed a ClickHouse database, allowing unauthorized access to sensitive data, including API secrets, chat logs, and backend details.
Unauthorized Database Exposure
A misconfigured ClickHouse database at oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000 was left exposed, allowing anyone to execute SQL queries without authentication. This granted full access to stored data and opened a path to privilege escalation within DeepSeek’s environment.
The leaked data includes:
- Over a million log lines
- API secrets and operational metadata
- Chat history and internal backend details
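The bar for exploiting an exposure like this is low: ClickHouse accepts queries over a plain HTTP GET. A minimal sketch of what that looks like (the hostname is a placeholder, not one of DeepSeek's; the exposed instances reportedly answered on port 9000, while ClickHouse's HTTP interface conventionally listens on 8123):

```python
# Hedged sketch: how an unauthenticated ClickHouse HTTP interface can be
# queried. The host below is a placeholder; do not probe systems you don't own.
from urllib.parse import urlencode

def clickhouse_query_url(host: str, port: int, sql: str) -> str:
    """Build the GET URL that ClickHouse's HTTP interface accepts for a query."""
    return f"http://{host}:{port}/?{urlencode({'query': sql})}"

url = clickhouse_query_url("exposed-host.example", 8123, "SHOW TABLES")
print(url)
# With no authentication configured, a single GET to this URL (for example via
# requests.get(url)) would make the server execute the SQL and return results.
```

No exploit tooling is needed; any HTTP client suffices, which is what makes open database interfaces such an immediate risk.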
DeepSeek secured the database after being alerted to the exposure. However, it remains unknown whether malicious actors accessed or exfiltrated the data before it was locked down.
Security Risks of AI Infrastructure
This exposure highlights the risks of rapid AI deployment without strong security controls. While AI security discussions often focus on advanced threats, misconfigurations like open databases pose immediate risks.
Without proper access controls, attackers could have escalated privileges and compromised other parts of DeepSeek’s infrastructure, potentially leading to data theft, model manipulation, or further exploitation of internal systems.
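The controls in question are not exotic. As one hedged illustration, a locked-down user entry in ClickHouse's `users.xml` (values here are illustrative, not DeepSeek's actual configuration) would require a password, restrict source networks, and default to read-only access:

```xml
<!-- Illustrative sketch of a hardened ClickHouse user entry in users.xml. -->
<clickhouse>
  <users>
    <default>
      <!-- Replace ClickHouse's empty default password with a real credential -->
      <password_sha256_hex>REPLACE_WITH_SHA256_HASH</password_sha256_hex>
      <!-- Only allow connections from trusted internal ranges -->
      <networks>
        <ip>10.0.0.0/8</ip>
      </networks>
      <!-- Use the built-in read-only profile unless writes are required -->
      <profile>readonly</profile>
    </default>
  </users>
</clickhouse>
```

Any one of these settings would have raised the cost of the attack; together they close the unauthenticated path entirely.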
Regulatory and Privacy Concerns
DeepSeek is already under scrutiny from regulatory bodies, including Italy’s data protection authority and the Irish Data Protection Commission, over its data handling practices. The company’s ties to China have also raised national security concerns in the U.S.
Adding to the controversy, OpenAI and Microsoft are investigating whether DeepSeek used OpenAI’s API without permission to train its models through a technique known as distillation.
Conclusion
This incident underscores the importance of enforcing strict security measures in AI operations. Companies must prioritize database security, enforce access restrictions, and conduct regular audits to prevent similar exposures.