
Cybersecurity researchers recently discovered a serious misconfiguration in the infrastructure of DeepSeek, a Chinese AI startup known for its powerful language models. The issue? An unsecured ClickHouse database was left exposed to the internet without authentication, making it possible for anyone to access sensitive user data.
What Was Leaked?
DeepSeek has been gaining traction, especially with its R1 model, which has been benchmarked to outperform GPT-4o in certain areas. This increased attention led security researchers from Wiz to investigate the company’s online footprint. Their scans revealed over 30 exposed applications and APIs, with publicly accessible TCP ports (8123 and 9000) linked to URLs such as:
http://oauth2callback.deepseek[.]com:8123
http://dev.deepseek[.]com:8123
http://oauth2callback.deepseek[.]com:9000
http://dev.deepseek[.]com:9000
These ports provided unrestricted access to ClickHouse’s database, where researchers uncovered over a million entries in a table called log_stream. This included chat histories, API keys, and internal system logs—none of which were encrypted.
Why Is This a Big Deal?
Beyond the obvious privacy concerns, having an open ClickHouse instance could have allowed attackers to extract sensitive user interactions, gain unauthorized access to API keys, and even escalate privileges within DeepSeek’s infrastructure. This kind of exposure could have led to major security breaches, including unauthorized data manipulation and server file access.
How Did DeepSeek Respond?
Once Wiz researchers notified DeepSeek, the company acted quickly to secure the exposed interfaces, preventing further unauthorized access. However, this incident highlights a recurring issue in AI and tech startups—security often takes a backseat to rapid development and deployment.
Lessons for AI Developers and Users
Security misconfigurations like this can have serious consequences, particularly for AI services handling sensitive user interactions. While AI models are becoming more advanced, they must be deployed with proper security frameworks. Tools like CRISP-ML and security best practices like the OWASP Top 10 can help companies build safer AI ecosystems.
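As an added example (not from Wiz, DeepSeek, or the original post): a small Python audit that flags the conditions this incident combined, a ClickHouse server listening on every interface and a user that needs no password. The XML samples are constructed, and the checks assume ClickHouse's standard listen_host, http_port, tcp_port, users and networks config elements; only password-based credentials and ip network entries are inspected.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs (not DeepSeek's): one exposed, one hardened.
EXPOSED_SERVER = """<clickhouse>
  <listen_host>0.0.0.0</listen_host>
  <http_port>8123</http_port><tcp_port>9000</tcp_port>
</clickhouse>"""
EXPOSED_USERS = """<clickhouse><users><default>
  <password></password>
  <networks><ip>::/0</ip></networks>
</default></users></clickhouse>"""
HARDENED_SERVER = EXPOSED_SERVER.replace("0.0.0.0", "127.0.0.1")
HARDENED_USERS = """<clickhouse><users><default>
  <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
  <networks><ip>127.0.0.1</ip></networks>
</default></users></clickhouse>"""

# Assumption: only these password-style credential elements are checked.
CREDENTIAL_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")

def is_wildcard(value):
    """True for 0.0.0.0, ::, 0.0.0.0/0, ::/0: values that mean 'everywhere'."""
    try:
        net = ipaddress.ip_network(value.strip(), strict=False)
    except ValueError:
        return False
    return net.prefixlen == 0 or net.network_address.is_unspecified

def audit(server_xml, users_xml):
    """Return findings for public listeners and users with no credential."""
    findings = []
    server = ET.fromstring(server_xml)
    if any(is_wildcard(h.text or "") for h in server.findall("listen_host")):
        ports = [server.findtext(t) for t in ("http_port", "tcp_port") if server.findtext(t)]
        findings.append(f"listening on all interfaces, ports {', '.join(ports)}")
    for user in ET.fromstring(users_xml).findall("./users/*"):
        creds = [user.findtext(t) for t in CREDENTIAL_TAGS]
        if not any(c and c.strip() for c in creds):
            findings.append(f"user '{user.tag}' has no password")
        if any(is_wildcard(ip.text or "") for ip in user.findall("./networks/ip")):
            findings.append(f"user '{user.tag}' may connect from any address")
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", (EXPOSED_SERVER, EXPOSED_USERS)),
                      ("hardened", (HARDENED_SERVER, HARDENED_USERS))):
        print(name, audit(*cfg))
```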
For users, this is a reminder to be mindful of the information shared with AI systems. Many LLM services log interactions, and as we’ve seen in this case, those logs can sometimes end up exposed. Treat conversations with AI models just like you would with any other online service—assume they could be stored and accessed.
Final Thoughts
The AI industry is advancing rapidly, but security needs to keep up. Incidents like this show that even companies developing cutting-edge AI can fall into common cybersecurity pitfalls. The takeaway? Innovation and security must go hand in hand—because what good is a powerful AI if it can’t keep user data safe?