Summary

  • Cloud security firm Wiz has found that DeepSeek’s database was exposed, leaving more than 1 million records accessible to anyone who discovered the database.
  • The exposed data included system logs, user prompts and API authentication tokens, and the database appeared to be ClickHouse, a popular tool for server analytics.
  • Wiz researchers contacted DeepSeek via its LinkedIn profile and email addresses, but received no response.
  • However, within 30 minutes of making contact, the database had been locked down and was no longer accessible.
  • It is unknown whether any parties, authorised or unauthorised, gained access to the data before the database was closed.
  • The exposure of the database was due to a simple error, highlighting the problem of open databases that are accessible to anyone on the internet.
  • This is a serious issue: the vulnerability would have been identified quickly, either by other researchers or by criminals, and the level of access it provided to the company’s data was very high.
  • Wiz’s CTO, Ami Luttwak, stated that this revealed that the service was not mature enough for use with sensitive data.
