A few days after a cyber attack disrupted users of the Chinese AI model DeepSeek, security problems are still a major concern. Researcher Gal Nagli from Wiz recently uncovered serious flaws in DeepSeek’s cyber security measures.
On January 29, Nagli revealed that a database linked to DeepSeek was left completely open to the public. “We found a ClickHouse database accessible without authentication, exposing sensitive data,” he stated. This database, hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000, included a wealth of chat history, back-end data, and critical information like API secrets.
Nagli emphasized that this exposure allowed anyone to take full control of the database without any security restrictions. He discovered the vulnerability while mapping DeepSeek’s publicly available domains, where he identified around 30 subdomains. Most were harmless, but he found open ports 8123 and 9000 that linked to the problematic database.
Using ClickHouse’s HTTP interface, Nagli could execute SQL queries right in a web browser, which posed a severe risk to DeepSeek’s security and its users. An attacker could steal sensitive logs, personal chat messages, and potentially even passwords from the server if they knew what to look for.
After reporting the open ClickHouse service, Nagli learned that DeepSeek has since secured it. ClickHouse, an open-source database tool initially developed at Yandex in Russia and now based in Silicon Valley, has its own risks.
William Wright, CEO of Closed Door Security, voiced his concern about DeepSeek’s security lapses. “Security needs to come first, but exposing a database like this is a rookie mistake,” he remarked. With DeepSeek gaining traction in the AI sector, they’re realizing quickly that some publicity can be damaging.
Leaving personal conversations in a public database could be a goldmine for criminals, giving them access to sensitive information. Wright cautions that organizations need regular assessments to spot weaknesses before they can be exploited.