DeepSeek, a Chinese artificial intelligence-driven data analytics firm, suffered a major security breach that exposed more than one million sensitive records, including chat logs, API keys and internal operational data. Cybersecurity researchers at Wiz Research discovered the leak on Jan. 29 and immediately alerted DeepSeek, which secured the database within an hour.
DeepSeek, known for developing AI-powered data processing models, left a publicly accessible ClickHouse database open without authentication. This exposed a massive volume of sensitive information, raising concerns over the security practices of AI companies handling vast amounts of user data.
What was exposed?
According to Wiz Research, the database contained:
- Chat logs with potentially private conversations
- System metadata revealing backend operations
- API authentication keys
- Log streams with plaintext data
- Internal operational records
These critical security gaps made DeepSeek’s internal data vulnerable to cyberattacks, phishing, and corporate espionage.
How Wiz Research discovered the leak
Wiz Research conducted a routine cybersecurity assessment of DeepSeek’s infrastructure and identified 30 internet-facing subdomains. While most appeared safe, a deeper scan revealed two open ports (8123 and 9000), leading to a fully accessible ClickHouse database.
With no authentication or security measures, attackers could have extracted AI training data, proprietary models and potentially user information.
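The exposure described above comes down to two settings: a ClickHouse listener reachable on its HTTP and native ports, and a user that accepts connections without a password. The following is an added example, not code from Wiz Research or DeepSeek; it audits a ClickHouse `config.xml` and `users.xml` for that combination, using constructed sample files and checking password-based credentials only.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample files (not DeepSeek's configuration) showing the weak pattern.
SAMPLE_CONFIG = """<clickhouse>
  <http_port>8123</http_port>
  <tcp_port>9000</tcp_port>
  <listen_host>0.0.0.0</listen_host>
</clickhouse>"""
SAMPLE_USERS = """<clickhouse><users>
  <default><password></password><networks><ip>::/0</ip></networks></default>
  <app><password_sha256_hex>CONSTRUCTED_PLACEHOLDER_HASH</password_sha256_hex>
    <networks><ip>10.0.0.0/8</ip></networks></app>
</users></clickhouse>"""

# Assumption: only password-based credentials are checked; users that rely on
# other mechanisms (for example LDAP or certificates) need a separate review.
CREDENTIAL_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")

def listens_everywhere(host):
    """True if a listen_host value binds every interface."""
    return host.strip() in ("0.0.0.0", "::")

def allows_any_source(net):
    """True if a <networks><ip> entry is a /0 network (any client address)."""
    try:
        return ipaddress.ip_network(net.strip(), strict=False).prefixlen == 0
    except ValueError:
        return False  # not an IP network literal; not judged here

def audit(config_xml, users_xml):
    """Return findings for listeners and users reachable without a password."""
    cfg, users = ET.fromstring(config_xml), ET.fromstring(users_xml)
    findings = []
    if any(listens_everywhere(h.text or "") for h in cfg.iter("listen_host")):
        ports = [cfg.findtext(t) for t in ("http_port", "tcp_port") if cfg.findtext(t)]
        findings.append("listener bound to all interfaces on ports " + ",".join(ports))
    for user in users.findall("./users/*"):
        if any((user.findtext(t) or "").strip() for t in CREDENTIAL_TAGS):
            continue
        any_src = any(allows_any_source(ip.text or "") for ip in user.iter("ip"))
        scope = "any address" if any_src else "restricted networks"
        findings.append(f"user '{user.tag}' has no password ({scope})")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_USERS):
        print("FINDING:", finding)
```

An empty result means neither condition was found in the files given; it does not cover firewall rules or cloud security groups in front of the server.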
DeepSeek secures database, but is it too late?
Upon being notified by Wiz Research, DeepSeek secured the database within an hour, preventing further exposure. However, the company has not yet issued a formal statement regarding the breach.
Security analysts warn that DeepSeek could face regulatory scrutiny under major data protection laws, including the General Data Protection Regulation if European users’ data was leaked and the California Consumer Privacy Act if U.S. consumer data was exposed.
Cybersecurity experts warn that exposed data could be used in phishing attacks, credential theft and corporate espionage.
DeepSeek’s failure to secure its database highlights growing concerns over AI security as companies race to develop advanced machine learning models.
While DeepSeek acted quickly to close the breach, the incident underscores the urgent need for stronger data security in AI companies handling sensitive user information.
Experts warn that if AI firms do not strengthen their security, breaches like DeepSeek’s will become more frequent and damaging.