Wiz Cybersecurity Firm: 'Authentication Flaw Found in DeepSeek Databases'

A security vulnerability detected by Wiz reveals that DeepSeek's databases are accessible without authentication. Attackers could exploit this flaw to gain full control over the system and escalate privileges.

Feb 27, 2025 - 13:52
Feb 28, 2025 - 17:18

Authentication Flaw in DeepSeek Databases
Cybersecurity firm Wiz has uncovered a serious security flaw in databases used by DeepSeek. The vulnerability allows unauthorized access to databases hosted on oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000, making them available without proper authentication. Experts warn that attackers could exploit this flaw to gain full control over the database and escalate their privileges within the system.

How the Vulnerability Was Exploited
Security researchers revealed that the leaked data was accessed through a flaw in the ClickHouse HTTP interface: because it accepted requests without authentication, attackers could run arbitrary SQL queries directly through a web browser. According to experts, this kind of vulnerability presents a significant opportunity for cybercriminals.
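As an added example (not code from Wiz, DeepSeek or the original article), the following audit reads a ClickHouse users.xml and reports accounts that need no credential and accept connections from non-loopback addresses, which is the condition that lets an exposed HTTP interface run SQL for anyone. The sample configuration and its user names are constructed; the article does not describe DeepSeek's actual configuration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a ClickHouse users.xml (not DeepSeek's config).
SAMPLE_USERS_XML = """
<clickhouse><users>
  <default><password></password><networks><ip>::/0</ip></networks></default>
  <ingest><password_sha256_hex>PLACEHOLDER_HASH</password_sha256_hex>
    <networks><ip>10.0.0.0/8</ip></networks></ingest>
  <local_admin><password></password>
    <networks><ip>127.0.0.1</ip><ip>::1</ip></networks></local_admin>
</users></clickhouse>
"""

CREDENTIAL_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")
EXTERNAL_AUTH_TAGS = ("ldap", "kerberos", "ssl_certificates")


def has_credential(user):
    """True if the entry sets a non-empty password/hash or an external auth method."""
    if any((user.findtext(tag) or "").strip() for tag in CREDENTIAL_TAGS):
        return True
    return any(user.find(tag) is not None for tag in EXTERNAL_AUTH_TAGS)


def reachable_remotely(user):
    """True unless every allowed source is a loopback address."""
    nets = user.find("networks")
    if nets is None or len(nets) == 0:
        return True  # assumption: no declared restriction is treated as exposed
    for entry in nets:
        if entry.tag != "ip":
            return True  # host / host_regexp rules can admit remote clients
        try:
            net = ipaddress.ip_network((entry.text or "").strip(), strict=False)
        except ValueError:
            return True  # unparseable rule: flag for manual review
        if not net.is_loopback:
            return True
    return False


def audit_users(xml_text):
    """Return names of users that are passwordless and reachable off-host."""
    root = ET.fromstring(xml_text)
    return [u.tag for u in root.findall("./users/*")
            if not has_credential(u) and reachable_remotely(u)]
```

Run against the constructed sample, only `default` is reported: `ingest` has a password hash and `local_admin` is limited to loopback.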

DeepSeek’s Response and Measures Taken
DeepSeek confirmed the security flaw and stated that patches have been applied to address the issue. However, this incident brings the risks of data security in AI-related ventures back into focus. Experts highlight the growing importance of securing databases and access control in organizations, particularly those in the AI sector.

Leaked Data
The data leaked due to this security flaw includes:

  • Over 1 million log records
  • User chat histories
  • Sensitive API keys and access credentials
  • Backend system details and operational metadata

Expert Warnings and Risks
This breach underscores the need for companies to strengthen their data security measures. Experts specifically warn AI companies to tighten their database access controls and to be more vigilant about securing sensitive data to prevent similar incidents in the future.
