DeepSeek Data Breach: Leaked DeepSeek Database Exposes Chat Prompts and Internal Data

Wiz, a cybersecurity firm based in New York, has reported discovering a large amount of sensitive data from the Chinese AI startup DeepSeek that was unintentionally exposed to the open internet.

In a blog post released on Wednesday, Wiz explained that scans of DeepSeek's infrastructure revealed the company had accidentally left over a million lines of data unsecured. This exposed information included digital software keys and chat logs, which appeared to document prompts from users interacting with the company's free AI assistant.

"The exposure includes over a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information. The Wiz Research team immediately and responsibly disclosed the issue to DeepSeek, which promptly secured the exposure," the report stated.

Wiz’s Chief Technology Officer, Ami Luttwak, stated that DeepSeek swiftly secured the exposed data after being notified by his firm. “They took it down in less than an hour,” Luttwak said. “However, given how easily it was to find, we believe we're not the only ones who discovered it.”

DeepSeek did not respond immediately to a request for comment.

Exposed databases accessible to anyone on the open internet have been an ongoing issue that institutions and cloud providers have gradually worked to address. However, Wiz researchers point out that the DeepSeek database they discovered was visible almost immediately, requiring minimal scanning or probing.

"Usually, when we encounter this kind of exposure, it’s in a neglected service that takes us hours of scanning to uncover," says Nir Ohfeld, head of vulnerability research at Wiz. "But this time, it was right at the front door." Ohfeld adds that the "technical difficulty of this vulnerability is minimal."

The researchers believe the exposed data was stored in a type of open-source database known as ClickHouse, commonly used for server analytics. This was confirmed by the presence of log files detailing user paths through DeepSeek’s systems, their prompts, and other interactions, as well as API keys used for authentication. While the prompts the researchers observed were in Chinese, they caution that other languages may have been present in the database as well. The researchers conducted the minimum necessary assessment to verify their findings without compromising user privacy, but they speculate that a malicious actor could have leveraged this deep access to move laterally within DeepSeek's systems and potentially execute code elsewhere in the company's infrastructure.

The company's rapid rise following the release of its AI assistant has generated excitement in China and raised concerns in the United States. DeepSeek’s apparent ability to match OpenAI’s capabilities at a significantly lower cost has raised questions about the long-term viability of business models and profit margins for major US AI players like Nvidia and Microsoft.

By Monday, DeepSeek had surpassed ChatGPT in downloads on the Apple App Store, leading to a global selloff in tech stocks.

Despite all the hype, the exposed data highlights that technologies dependent on cloud-hosted databases remain susceptible to simple security oversights. As Wiz’s Ohfeld puts it, 'AI is the new frontier in technology and cybersecurity, yet we continue to see the same old vulnerabilities, like databases left unsecured on the internet.'