
DeepSeek's AI success is overshadowed by a serious security breach

A massive data leak from AI startup DeepSeek has raised alarms about the security of sensitive user data in the rapidly evolving AI industry.

Cybersecurity researchers at Wiz recently found a major security lapse at DeepSeek, a Chinese AI startup. The company, known for its DeepSeek-R1 AI model, had left a ClickHouse database exposed — an oversight with serious consequences.

Over a million log entries, containing chat history, secret keys, and backend details, were left unprotected in the exposed database. Worse, the database allowed full administrative control without authentication, making it a goldmine for potential attackers.

The exposed data included API secrets, internal logs, and even plaintext chat messages, posing a severe risk to both DeepSeek and its users. Wiz researchers responsibly disclosed the issue to DeepSeek, which promptly secured the database.

How the breach was discovered

Wiz's research team identified the issue while analyzing DeepSeek's external security posture. They initially mapped out DeepSeek's internet-facing domains and found several subdomains, most appearing harmless.

However, deeper analysis revealed two unusual open ports — 8123 and 9000 — linked to publicly exposed ClickHouse database instances. These instances were completely unprotected, allowing anyone to access and manipulate data without authentication.


Using basic SQL queries through ClickHouse's built-in web interface, Wiz researchers found a table named "log_stream," which contained extensive logs with sensitive information. The logs included timestamps, references to internal DeepSeek API endpoints, and plaintext chat messages, as well as operational metadata.

[Image: plain-text chat messages from DeepSeek, shown with translation. Caption: The leak included chat messages. Image credit: Wiz Research]

Such unrestricted access could have allowed attackers to extract passwords, local files, and proprietary data.

While the exposure was quickly patched, it raises larger concerns about DeepSeek's infrastructure and the risks tied to its rapid growth.
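
For administrators running their own ClickHouse servers, the condition described above (ports 8123 and 9000 reachable with no authentication) can be checked in the server's configuration files. The following is an added example, not taken from Wiz's report or from DeepSeek's systems; the sample XML is constructed, and it assumes the stock `config.xml` / `users.xml` layout with password-based users only.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs for illustration (not DeepSeek's actual settings).
# Element names follow ClickHouse's stock config.xml and users.xml.
SERVER_XML = """<clickhouse>
  <listen_host>0.0.0.0</listen_host>
  <http_port>8123</http_port>
  <tcp_port>9000</tcp_port>
</clickhouse>"""

USERS_XML = """<clickhouse>
  <users>
    <default>
      <password></password>
      <networks><ip>::/0</ip></networks>
    </default>
    <ingest>
      <password_sha256_hex>PLACEHOLDER_HASH</password_sha256_hex>
      <networks><ip>10.0.0.0/8</ip></networks>
    </ingest>
  </users>
</clickhouse>"""

WILDCARD_LISTEN = {"0.0.0.0", "::"}
WILDCARD_NETS = {"::/0", "0.0.0.0/0"}
# Assumption: only password-style credentials are checked (LDAP, Kerberos, certs are not).
CREDENTIAL_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")

def audit(server_xml, users_xml):
    """Return findings for wildcard listeners and password-less users open to any address."""
    findings = []
    server = ET.fromstring(server_xml)
    listen = {(e.text or "").strip() for e in server.findall("listen_host")}
    public = bool(listen & WILDCARD_LISTEN)
    if public:
        ports = [server.findtext(t) for t in ("http_port", "tcp_port") if server.findtext(t)]
        findings.append(f"listens on all interfaces, ports {', '.join(ports)}")
    for user in ET.fromstring(users_xml).find("users"):
        has_cred = any((user.findtext(t) or "").strip() for t in CREDENTIAL_TAGS)
        nets = {(ip.text or "").strip() for ip in user.findall("networks/ip")}
        if not has_cred and nets & WILDCARD_NETS:
            sev = "CRITICAL" if public else "HIGH"
            findings.append(f"{sev}: user '{user.tag}' has no password and accepts any source address")
    return findings

if __name__ == "__main__":
    for line in audit(SERVER_XML, USERS_XML):
        print(line)
```
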

DeepSeek's rapid rise brings success & security concerns

DeepSeek's data leak comes at a pivotal moment for the company. Despite its security lapse, the AI startup has seen a dramatic rise, topping the U.S. App Store and many others worldwide.

The company's rapid success stems from its ability to deliver high-quality AI responses at a fraction of the cost of Western competitors like OpenAI's ChatGPT. However, the very infrastructure that enabled this growth — the lightweight, cost-effective model — also appears to have contributed to its security vulnerabilities.

Given the U.S. government's history of restricting Chinese tech firms like Huawei and TikTok, DeepSeek may face regulatory hurdles if concerns over data security persist.



7 Comments

9secondkox2 9 Years · 3237 comments

It’s not so hard to build something, even improve it, when someone else’s toil has paved the way - and when there are less ethical hurdles to slow you down.

But “easy come” is usually followed by “easy go” as they used to say. 

The main holdup for Apple’s own entry seemed to have been feeding the AI system ethically rather than just stealing/plagiarizing all the data they could find.

I seriously doubt this recent offer was put together with any regard whatsoever for ethics. 

And now, with security issues so early on… no thanks.

1 Like · 0 Dislikes
Pema 3 Years · 212 comments

This is just more sore loser talk. Isn't all user data compromised in Generative AI? I mean, where are the hangars full of data coming from? User data - like you and me.

0 Likes · 2 Dislikes
MacPro 19 Years · 19854 comments

I wonder if DeepSeek pissed someone off ... oh wait...

0 Likes · 1 Dislike
humbug1873 3 Years · 181 comments

It’s not so hard to build something, even improve it, when someone else’s toil has paved the way - and when there are less ethical hurdles to slow you down.

Yes, that's what I always think about the US, that eventually dropped its ethics concerns and had their German 'prisoners' build rockets to go into space and later on the moon. *sarcasm off*

Seriously EVERY 'new' invention is built on the shoulders of the scientists/researchers/inventors that came before ... and not all those inventions were used for purely ethical reasons.

1 Like · 1 Dislike
tundraboy 19 Years · 1921 comments

It’s not so hard to build something, even improve it, when someone else’s toil has paved the way - and when there are less ethical hurdles to slow you down.

Yes, that's what I always think about the US, that eventually dropped its ethics concerns and had their German 'prisoners' build rockets to go into space and later on the moon. *sarcasm off*

Seriously EVERY 'new' invention is built on the shoulders of the scientists/researchers/inventors that came before ... and not all those inventions were used for purely ethical reasons.

Yup, luckily, the US's Nazi rocket scientists were better than the Soviets' Nazi rocket scientists.

0 Likes · 1 Dislike