Wiz Research discovered a publicly accessible ClickHouse database belonging to DeepSeek, exposing chat history, secret keys, and backend details. After responsible disclosure, DeepSeek promptly secured the issue.
“Within minutes, we found a publicly accessible ClickHouse database linked to DeepSeek, completely open and unauthenticated, exposing sensitive data. It was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000.” reads the report published by Wiz.
“This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details.”
The researchers noted that the exposure could have allowed an attacker to take full control of the database and potentially escalate privileges within the DeepSeek environment, all without any authentication.
The researchers discovered two unusual open ports on DeepSeek's hosts: 8123, ClickHouse's HTTP interface, and 9000, its native TCP protocol. Both gave access to a publicly exposed ClickHouse database without authentication.
The experts used the HTTP interface and its /play path, a built-in web UI that submits SQL to the same endpoint, to execute arbitrary SQL queries from the browser.
Upon executing a SHOW TABLES; query, the researchers obtained the full list of datasets, including a log_stream table with over one million log entries containing highly sensitive data. The table included the following columns:
The researchers explained that they executed no intrusive queries beyond enumeration, in keeping with ethical research practice.
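The check described above, as an added example that is not Wiz's tooling or code from the report: it probes the HTTP interface with the same GET /?query= endpoint the /play page uses, classifies the answer (open, authentication required, something else), and, only if the port is open, lists table names without reading any rows. The hostnames come from the article; the response strings in the docstrings and tests are constructed, not captured from DeepSeek.

```python
"""Offline-testable check for an unauthenticated ClickHouse HTTP interface.

Added example, not Wiz's tooling. Hostnames and ports are taken from the
article; every sample response used to test this code is constructed and
was not captured from DeepSeek's servers.
"""
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

CLICKHOUSE_HTTP_PORT = 8123   # HTTP interface; 9000 is the native TCP protocol
TARGETS = ["oauth2callback.deepseek.com", "dev.deepseek.com"]  # named in the report

# Metadata-only queries, in the spirit of the researchers' enumeration.
ENUM_QUERIES = ["SELECT version()", "SHOW DATABASES", "SHOW TABLES"]


def build_probe_url(host, port=CLICKHOUSE_HTTP_PORT, query="SELECT 1"):
    """Same endpoint the /play page calls: GET /?query=<sql>."""
    return f"http://{host}:{port}/?{urllib.parse.urlencode({'query': query})}"


def classify(status, body, headers):
    """Decide what answered the probe from status, body and response headers.

    'open'              ClickHouse executed the query without credentials
    'auth-required'     ClickHouse answered but rejected the anonymous user
                        (exception code 516, AUTHENTICATION_FAILED)
    'clickhouse-error'  ClickHouse answered with some other exception
    'not-clickhouse'    something else is listening on the port
    """
    hdr = {k.lower(): v for k, v in headers.items()}
    # ClickHouse tags every response with X-ClickHouse-* headers; exceptions
    # also carry the "DB::Exception" marker in the body.
    is_clickhouse = any(k.startswith("x-clickhouse") for k in hdr) or "DB::Exception" in body
    if not is_clickhouse:
        return "not-clickhouse"
    if status == 200 and body.strip() == "1":
        return "open"
    if hdr.get("x-clickhouse-exception-code") == "516" or "Code: 516" in body:
        return "auth-required"
    return "clickhouse-error"


def parse_json_result(body):
    """Rows of a query run with FORMAT JSON: {"meta":[...],"data":[{...}],...}."""
    return json.loads(body)["data"]


def fetch(url, timeout=5):
    """GET the URL; return (status, body, headers) even for HTTP error statuses."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace"), dict(resp.headers)
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace"), dict(e.headers)


def check_host(host, port=CLICKHOUSE_HTTP_PORT):
    """Probe one host; if open, list table names but read no row data."""
    status, body, headers = fetch(build_probe_url(host, port))
    verdict = classify(status, body, headers)
    tables = []
    if verdict == "open":
        _, body, _ = fetch(build_probe_url(host, port, "SHOW TABLES FORMAT JSON"))
        tables = [row["name"] for row in parse_json_result(body)]
    return verdict, tables


if __name__ == "__main__":
    for host in sys.argv[1:] or TARGETS:
        try:
            verdict, tables = check_host(host)
        except OSError as exc:          # DNS failure, connection refused, timeout
            print(f"{host}: unreachable ({exc})")
            continue
        suffix = f" tables={tables}" if tables else ""
        print(f"{host}:{CLICKHOUSE_HTTP_PORT} -> {verdict}{suffix}")
```

Run it against your own hosts (`python3 check.py ch.internal.example`). A verdict of `open` is the DeepSeek situation: anyone who can reach the port can run SQL as the default user. `auth-required` means the HTTP interface is still exposed to the network but credentials are enforced; the port should normally not be reachable from the internet at all.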
“This level of access posed a critical risk to DeepSeek’s own security and for its end-users. Not only could an attacker retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along with proprietary information directly from the server using queries like: SELECT * FROM file('filename') depending on their ClickHouse configuration.” concludes the report.
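The "depending on their ClickHouse configuration" caveat comes down to a few settings in users.xml. The following audit script is an added example (not DeepSeek's configuration and not Wiz's code) that parses a users.xml and flags the conditions that made this exposure possible: a user with no credential, a user reachable from any network, and a profile without readonly. Both XML documents are constructed here; the first mirrors the default user ClickHouse ships with, the second is a hardened variant with a placeholder password hash.

```python
"""Audit a ClickHouse users.xml for the settings that turn a reachable port
into an open database: anonymous users and world-reachable networks.

Added example, not DeepSeek's configuration or Wiz's code. Both documents
below are constructed; the password hash is a placeholder.
"""
import xml.etree.ElementTree as ET

WORLD = {"::/0", "0.0.0.0/0"}
CREDENTIAL_TAGS = ("password", "password_sha256_hex",
                   "password_double_sha1_hex", "ldap", "kerberos")

WEAK_USERS_XML = """\
<clickhouse>
  <profiles><default/></profiles>
  <users>
    <default>
      <password></password>                 <!-- empty: anonymous access -->
      <networks><ip>::/0</ip></networks>    <!-- reachable from anywhere -->
      <profile>default</profile>
    </default>
  </users>
</clickhouse>
"""

HARDENED_USERS_XML = """\
<clickhouse>
  <profiles>
    <analyst><readonly>1</readonly></analyst>
  </profiles>
  <users>
    <analyst>
      <!-- placeholder hash; generate a real one with: echo -n 'secret' | sha256sum -->
      <password_sha256_hex>0000000000000000000000000000000000000000000000000000000000000000</password_sha256_hex>
      <networks><ip>::1</ip><ip>127.0.0.1</ip><ip>10.0.0.0/8</ip></networks>
      <profile>analyst</profile>
    </analyst>
  </users>
</clickhouse>
"""


def _has_credential(user):
    for tag in CREDENTIAL_TAGS:
        el = user.find(tag)
        if el is None:
            continue
        # ldap/kerberos blocks delegate authentication; password tags need a value
        if tag in ("ldap", "kerberos") or (el.text or "").strip():
            return True
    return False


def _allowed_networks(user):
    nets = user.find("networks")
    if nets is None:
        return None                        # no restriction element at all
    return [ip.text.strip() for ip in nets.findall("ip") if ip.text]


def _is_readonly(root, user):
    name = (user.findtext("profile") or "default").strip()
    ro = root.findtext(f"profiles/{name}/readonly")
    return ro is not None and ro.strip() in ("1", "2")


def audit_users(xml_text):
    """Return a list of (user, finding) tuples; an empty list means no findings."""
    root = ET.fromstring(xml_text)
    users = root.find("users")
    if users is None:
        return [("*", "no <users> section")]
    findings = []
    for user in list(users):
        name = user.tag
        if not _has_credential(user):
            findings.append((name, "no credential configured: anonymous access"))
        nets = _allowed_networks(user)
        if nets is None:
            findings.append((name, "no <networks> restriction (treated here as unrestricted)"))
        elif WORLD & set(nets):
            findings.append((name, f"reachable from any address: {sorted(WORLD & set(nets))}"))
        if not _is_readonly(root, user):
            findings.append((name, "profile is not readonly: INSERT/ALTER/DROP and settings changes allowed"))
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_USERS_XML), ("hardened", HARDENED_USERS_XML)):
        print(f"{label}: {audit_users(doc) or 'no findings'}")
```

The credential and network findings are the ones that matter for the scenario in the report: with them fixed, an internet-reachable port no longer means an open database. The readonly finding is least privilege rather than a fix for file(): readonly blocks writes and settings changes, but `SELECT * FROM file(...)` is a read, and what it can reach is bounded by the server's `user_files_path` rather than by the profile.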
(SecurityAffairs – hacking, DeepSeek)