×
A DeepSeek database left sensitive user data and chat histories completely exposed
Written by
Published on
Join our daily newsletter for breaking news, product launches and deals, research breakdowns, and other industry-leading AI coverage
Join Now

DeepSeek, a Chinese AI startup, recently secured a database that had been exposing sensitive user data and system information without any authentication requirements.

Critical security breach: Cloud security firm Wiz discovered an unprotected database containing DeepSeek user information and system data that was freely accessible to anyone.

  • The exposed database contained more than 1 million log lines including user chat histories, API authentication keys, and system logs
  • The data was stored in ClickHouse, an open-source data management system
  • Security researchers found the vulnerable database “within minutes” without needing any authentication

Potential impact: The security flaw could have allowed malicious actors to gain significant control over DeepSeek’s internal systems.

  • The exposure enabled full database control and potential privilege escalation within DeepSeek’s environment
  • While DeepSeek promptly secured the database after being notified, it remains unclear if any unauthorized parties accessed the data
  • Security researchers noted that unauthorized access “wouldn’t be surprising, given how simple it was to discover”

Technical similarities: The incident has revealed interesting connections between DeepSeek’s technical infrastructure and that of industry leader OpenAI.

  • Researchers noted that DeepSeek’s systems closely mirror OpenAI’s architecture, including specific details like API key formatting
  • This observation comes as OpenAI recently accused DeepSeek of using its data to train AI models

Looking ahead: The incident raises important questions about data security practices among AI startups and the potential risks of architectural mimicry in the AI industry, particularly as companies race to compete with established players like OpenAI.

DeepSeek database left user data, chat histories exposed for anyone to see

Recent News

NYT strikes landmark AI licensing deal with Amazon

The prestigious newspaper establishes a template for how media organizations might monetize content in the AI era while still pursuing litigation against other technology companies.

AI chip startup Cerebras outperforms NVIDIA’s Blackwell in Llama 4 test

Cerebras's custom AI hardware delivers more than double the tokens per second of NVIDIA's Blackwell GPUs in independent testing of Meta's largest language model.

AI courses from Google, Microsoft and more boost skills and résumés for free

As AI becomes critical to business decision-making, professionals can enhance their marketability with free courses teaching essential concepts and applications without requiring technical backgrounds.