A major security breach at Chinese AI startup DeepSeek has exposed over one million sensitive records, including user chat histories and internal system data, according to cybersecurity firm Wiz.
The New York-based security researchers discovered an unsecured ClickHouse database that was publicly accessible online without any authentication requirements. The exposed database contained chat logs, API keys, backend details, and other confidential operational information.
"They took it down in less than an hour," said Wiz Chief Technology Officer Ami Luttwak. "But this was so simple to find, we believe we're not the only ones who found it."
The security lapse gave potential attackers complete administrative control over the database contents. This meant they could access proprietary data, extract plaintext passwords, and potentially gain entry to files stored on DeepSeek's servers.
The incident comes as DeepSeek has been gaining prominence for its AI capabilities, particularly its DeepSeek-R1 reasoning model positioned as a cost-effective alternative to U.S.-based AI solutions. Earlier this week, the company had restricted new user registrations, citing a cyberattack.
The breach has drawn attention from regulators worldwide. The U.S. National Security Council is reviewing DeepSeek's implications for national security. Meanwhile, data protection authorities in Italy and Ireland have launched investigations into the company's data handling practices.
Security experts warn that AI startups often overlook basic security measures in their rush to scale operations. The DeepSeek incident highlights the risks enterprises face when integrating third-party AI models into their operations.
The exposure also raises questions about DeepSeek's relationship with OpenAI, as researchers noted striking similarities between the two companies' systems "down to details like the format of the API keys." This follows recent allegations that DeepSeek may have used OpenAI's API without permission to train its models.
While DeepSeek has secured the database following Wiz's disclosure, the long-term impact of this exposure on the company's reputation and user trust remains uncertain.