Researchers from Wiz reported the discovery of an open database belonging to the Chinese startup DeepSeek, which contained sensitive information. The researchers found the exposed database within minutes, and accessing it required no authentication. Among the exposed data were users’ chat histories, API authentication keys, and system logs.
The DeepSeek database was hosted on the open-source data management system ClickHouse and contained over a million log entries. Wiz noted that the exposure could have allowed full control over the database and potential privilege escalation within the DeepSeek environment. This could have given attackers access to the startup’s internal systems.
After being notified by Wiz, DeepSeek promptly secured the database. There is no information on whether anyone else accessed the exposed data, but researchers noted that it would not be surprising given how easy it was to find the database.
Interestingly, DeepSeek’s systems have a design similar to OpenAI’s, down to the API key format. Earlier this week, OpenAI accused DeepSeek of using its data to train its AI models.