A misconfigured ClickHouse database associated with DeepSeek, a rapidly growing Chinese AI startup, was discovered to be publicly accessible without authentication, exposing highly sensitive information such as internal logs, chat histories, and secret authentication keys, which could compromise user security and proprietary company data.
This news comes only a few days after a DDoS attack disrupted the registration of new users on DeepSeek.
An investigation of DeepSeek’s internet-facing infrastructure identified approximately 30 subdomains, most hosting standard services like chatbot interfaces and API documentation. However, on probing further, researchers uncovered unusual open ports (8123 and 9000) that led to an exposed ClickHouse instance.
ClickHouse, an open-source columnar database system widely used for big data analytics, was found to be configured without authentication, allowing unrestricted access to stored data.

“By mapping the external attack surface with straightforward reconnaissance techniques (passive and active discovery of subdomains), we identified around 30 internet-facing subdomains. Most appeared benign, hosting elements like the chatbot interface, status page, and API documentation—none of which initially suggested a high-risk exposure,” researchers noted. “Upon further investigation, these ports (8123 and 9000) led to a publicly exposed ClickHouse database, accessible without any authentication at all – immediately raising red flags.”
Through ClickHouse’s HTTP interface, the researchers had unrestricted access to the /play path, which enabled the execution of arbitrary SQL queries. A simple SHOW TABLES; command returned a list of datasets, revealing a particularly concerning table: log_stream.
This table contains over a million log entries, including timestamps dating back to January 6, 2025, API endpoint references, plaintext chat history, API keys, backend metadata, and service request origins.
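A configuration audit for the failure described above, as an added example that is not from the researchers' report or from DeepSeek: it parses a ClickHouse server config and users file and flags accounts that have no password on a server listening on all interfaces. The sample XML is constructed, and the audit function name and severity labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files (not DeepSeek's): server config and users definition.
SAMPLE_CONFIG = """<clickhouse>
  <listen_host>0.0.0.0</listen_host>
  <http_port>8123</http_port>
  <tcp_port>9000</tcp_port>
</clickhouse>"""

SAMPLE_USERS = """<clickhouse><users>
  <default>
    <password></password>
    <networks><ip>::/0</ip></networks>
  </default>
  <analyst>
    <password_sha256_hex>PLACEHOLDER_HASH</password_sha256_hex>
    <networks><ip>10.0.0.0/8</ip></networks>
  </analyst>
</users></clickhouse>"""

WILDCARD_HOSTS = {"0.0.0.0", "::"}       # bind to every interface
OPEN_NETWORKS = {"::/0", "0.0.0.0/0"}    # user may connect from anywhere
HASHED = ("password_sha256_hex", "password_double_sha1_hex")
EXTERNAL = ("ldap", "kerberos", "ssl_certificates")

def audit(config_xml, users_xml):
    """Return findings for passwordless users and wildcard listeners (hypothetical helper)."""
    findings = []
    cfg = ET.fromstring(config_xml)
    hosts = {(h.text or "").strip() for h in cfg.findall("listen_host")}
    ports = [cfg.findtext(p) for p in ("http_port", "tcp_port") if cfg.findtext(p)]
    exposed = bool(hosts & WILDCARD_HOSTS)
    if exposed:
        findings.append(f"server listens on all interfaces, ports {', '.join(ports)}")
    users = ET.fromstring(users_xml).find("users")
    for user in (users if users is not None else []):
        # A user is authenticated if it has a non-empty password, a hash, or external auth.
        has_secret = ((user.findtext("password") or "").strip() != ""
                      or any((user.findtext(t) or "").strip() for t in HASHED)
                      or any(user.find(t) is not None for t in EXTERNAL))
        nets = {(ip.text or "").strip() for ip in user.findall("networks/ip")}
        if not has_secret:
            # Worst case matches the incident: no auth, any source, public listener.
            sev = "CRITICAL" if exposed and nets & OPEN_NETWORKS else "HIGH"
            findings.append(f"{sev}: user '{user.tag}' has no password or external auth")
    return findings
```

Run it against the effective (merged) configuration, since ClickHouse also reads overrides from config.d and users.d directories.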
DeepSeek has recently gained traction for its advanced AI models, particularly the DeepSeek-R1 reasoning model, which rivals industry leaders such as OpenAI’s ChatGPT in efficiency and cost-effectiveness.
“As AI becomes deeply integrated into businesses worldwide, the industry must recognise the risks of handling sensitive data and enforce security practices on par with those required for public cloud providers and major infrastructure providers,” researchers concluded.
