AI Startup DeepSeek Exposes Over a Million Log Entries Due to Database Misconfiguration

A misconfiguration in DeepSeek’s ClickHouse database has resulted in data exposure, leaving sensitive operational details unprotected. According to research by Wiz, the publicly accessible database contained over a million lines of log streams, including chat history, secret keys, and backend details. The issue was traced to exposed ports 8123 and 9000, which led to “a publicly exposed ClickHouse database, accessible without any authentication at all – immediately raising red flags.” Logs discovered in the database dated back to January 6, 2025, revealing unprotected internal activity. The exposure not only compromised chat interactions but also posed a risk of privilege escalation within the DeepSeek infrastructure.

DeepSeek, a Chinese AI startup known for its DeepSeek-R1 model, has rapidly gained prominence in the AI space. However, its external security posture came under scrutiny after Wiz researchers identified over 30 publicly accessible subdomains, some of which hosted API documentation and chatbot interfaces. While these appeared benign, the discovery of open database ports indicated a critical misconfiguration. By accessing the ClickHouse HTTP interface, Wiz researchers found an unprotected “log_stream” table that stored sensitive user activity and backend operations. The database’s design, commonly used for real-time analytics, exacerbated the risk by allowing attackers to query internal data, including plaintext chat logs, API keys, and service metadata.

Through responsible disclosure, Wiz notified DeekSeek of the misconfiguration and DeepSeek has mitigated the issue. The incident highlights security risks with AI security. A previous report from KELA discussed the lack of security guardrails for prompts within DeepSeek and highlighted the need for implementing strong security controls. This exposure underscores the need for organizations adopting AI technologies to evaluate security practices rigorously, ensuring that data protection measures align with the sensitivity of the information being processed.