Sensitive Information DisclosureCritical

DeepSeek exposed ClickHouse database (DeepLeak)

January 2025  ·  DeepSeek

What happened

Wiz Research found a publicly accessible, unauthenticated ClickHouse database belonging to DeepSeek that exposed over a million log lines including plaintext user chat history, API keys, and backend details. The open HTTP interface allowed arbitrary SQL queries and full control of the database with no authentication.

Root cause

A ClickHouse instance was reachable from the internet on open ports with no authentication, leaving its HTTP query interface and all stored data accessible to anyone who found it.

Fix / outcome

DeepSeek secured the exposed database shortly after Wiz reported it. No malicious access beyond the researchers was confirmed.

Sources

Wiz Research (discoverer)

Learn this attack class

This incident is an example of Sensitive Information Disclosure. Read the guide, then try it hands-on in the Academy.

Read the guide →

← Back to the Incident Database