DeepSeek security breach exposes 1mn sensitive records

Chinese artificial intelligence firm DeepSeek suffered a significant security breach, exposing over one million sensitive records, including chat logs, API keys, and internal operational data.

The breach was discovered by cybersecurity researchers at Wiz Research on January 29, who alerted DeepSeek, prompting the company to secure the exposed database within an hour.

The breach occurred due to DeepSeek’s failure to properly secure a publicly accessible ClickHouse database, which lacked authentication, making sensitive data vulnerable to unauthorized access.

The exposed data included chat logs with potentially private conversations, backend system metadata, API authentication keys, plaintext log streams, and internal records.

Wiz Research discovered the vulnerability during a routine cybersecurity scan of DeepSeek’s infrastructure.

Read: China's AI startup Deepseek takes global tech by storm

They identified two open ports (8123 and 9000), which led to the unprotected database.

Without security measures in place, attackers could have accessed critical AI training data, proprietary models, and user information.

Although DeepSeek quickly responded to secure the breach, the company has not issued a formal statement regarding the incident.

Experts warn that the breach could trigger regulatory scrutiny, particularly under the General Data Protection Regulation (GDPR) if European user data was exposed, or the California Consumer Privacy Act (CCPA) if U.S. consumer data was compromised.