DeepSeek’s Database Leak🚨🔍
The world of AI is moving at lightning speed, and Chinese startup DeepSeek has been at the forefront of this revolution. With its groundbreaking DeepSeek-R1 reasoning model, the company has been making waves, rivaling giants like OpenAI in performance while boasting cost-effectiveness and efficiency. But as DeepSeek soared, a critical security oversight threatened to ground its momentum.
Enter Wiz Research, a team of cybersecurity experts who stumbled upon a shocking discovery: a publicly accessible, completely unauthenticated ClickHouse database belonging to DeepSeek. This database wasn’t just a minor leak — it was a treasure trove of sensitive information, including chat histories, API secrets, backend details, and operational metadata.

TL;DR:
⚠️ Exposed Database: DeepSeek, a rising AI star, left a ClickHouse database wide open online with zero authentication.
📜 1M+ Logs Leaked: Chat histories, API keys, backend secrets — all accessible to anyone with a browser.
🛠️ Full Control Risk: Attackers could’ve manipulated data, stolen secrets, or hijacked systems.
🔧 Quick Fix: DeepSeek patched the leak after Wiz Research’s alert.
🌍 Bigger Picture: AI’s breakneck growth is outpacing security. Yikes.

🚀 Executive Summary: When AI Ambition Outpaces Security
DeepSeek, the Chinese AI startup making headlines for its cutting-edge “DeepSeek-R1” model (a rival to OpenAI’s tech), faced a stark reality check. While racing to innovate, they accidentally exposed a treasure trove of sensitive data — no password needed. The breach, uncovered by Wiz Research, reveals how easily basic security gaps can undermine even the most advanced AI systems.
🔍 The Discovery: A Database Wide Open
Wiz Research began its investigation by mapping DeepSeek’s publicly accessible domains. Using standard reconnaissance techniques, they identified around 30 internet-facing subdomains…