A security lapse at DeepSeek, a well-known Chinese AI startup, left a ClickHouse database publicly accessible, exposing highly confidential information in more than a million lines of log streams.

The data breach, which involved chat records, API secrets, backend details, and operational metadata, has raised alarms about the security practices of fast-growing AI startups.

DeepSeek has recently gained global recognition for its flagship AI reasoning model, DeepSeek-R1, which has been praised for its affordability and effectiveness.

The company's rapid rise has placed it alongside major industry players such as OpenAI in terms of performance. Nonetheless, this incident highlights the difficulty of maintaining robust security in the fast-paced AI sector.

The database, hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000, was open without restriction, allowing unauthorized individuals to run SQL queries and examine sensitive internal data.

The exposed database, linked to DeepSeek’s backend services, stored over a million log entries.

“This level of access represented a critical threat to DeepSeek’s security and that of its users. An attacker could not only retrieve sensitive logs and actual chat messages in plain text, but they could potentially extract plain passwords and local files, alongside proprietary details directly from the server using queries like: SELECT * FROM file('filename') depending on their ClickHouse setup,” the researchers stated.

Key details included chat records from the company’s AI chatbot, plaintext API secrets, backend service metadata, and internal directories, all of which were stored in the log_stream table. The breach poses a severe risk not only to DeepSeek but also to the privacy and data security of its users.

Discovery of the Breach

Researchers used standard reconnaissance techniques to map DeepSeek’s external attack surface, initially identifying around 30 subdomains.

Although most subdomains appeared to be ordinary hosts for chatbot interfaces, status pages, and documentation, a closer look revealed two open ports (8123 and 9000) leading to the ClickHouse database on the following hosts:

  • http://oauth2callback.deepseek.com:8123  
  • http://dev.deepseek.com:8123  
  • http://oauth2callback.deepseek.com:9000  
  • http://dev.deepseek.com:9000 

ClickHouse is a popular open-source columnar database designed for real-time processing of large datasets. Its HTTP interface allowed Wiz researchers to open the /play path and execute SQL queries, which revealed the complete list of tables in the database.

Figure: Tables output from ClickHouse Web UI

Among these tables, log_stream stood out for holding highly confidential data, such as plaintext logs of discussions, API secrets, and backend service details.

The absence of authentication on the database not only allowed access to sensitive data but also gave complete control of the database to anyone who connected.

This could have enabled malicious actors to execute harmful commands, steal proprietary data, or potentially escalate privileges within DeepSeek’s environment.

“An individual with access to this database could misuse it to obtain plaintext passwords, sensitive server information, and other secret details,” the researchers said. While the team refrained from executing intrusive queries, in keeping with ethical research practices, they stressed the severity of the security lapse.

After discovering the vulnerability, Wiz Research promptly informed DeepSeek, which quickly secured the exposed database and resolved the problem. The company has yet to issue an official statement regarding the incident.

The incident underscores the considerable risks that accompany the rapid adoption of AI technologies. While futuristic AI threats such as model tampering or adversarial attacks often grab attention, this breach shows the importance of addressing basic security risks, like the inadvertent exposure of critical infrastructure.

“As organizations surge to adopt AI, the security frameworks devised to protect sensitive data are oftentimes disregarded,” a representative for Wiz Research said. “This event acts as a wakeup signal for the entire industry.”

The DeepSeek database breach is a pointed reminder of how essential security is in the AI field. As AI technologies become deeply integrated into companies worldwide, startups and established firms alike need to prioritize building secure infrastructure.

Without adequate protections, sensitive user data and confidential information remain vulnerable, jeopardizing individual companies and broader trust in AI ecosystems.

The post DeepSeek Database Leaked – Full Control Over DB Secret keys, Logs & Chat History Exposed appeared first on Cyber Security News.