Research firm Wiz Research began investigating DeepSeek soon after its generative AI took the tech world by storm.
# Incident Report: DeepSeek Public Database Exposure
## Executive Summary
Security research firm Wiz Research responsibly disclosed a vulnerability in DeepSeek's infrastructure where a ClickHouse database was left publicly accessible. This exposure allowed reading of sensitive information, including customer chat history, backend data, log streams, and API secrets. DeepSeek successfully locked down the public access upon notification, mitigating further risk.
## Incident Details
- **Discovery Date:** January 29, 2025 (Date of responsible disclosure by Wiz Research)
- **Incident Date:** Occurred prior to January 29, 2025 (Exact start date unknown)
- **Affected Organization:** DeepSeek (Chinese AI company)
- **Sector:** Artificial Intelligence / Technology
- **Geography:** Not explicitly stated, but DeepSeek is a Chinese company. Disclosure was made by a U.S.-based firm (Wiz Research).
## Timeline of Events
### Initial Access
- **Date/Time:** Discovered "within minutes" of Wiz Research beginning assessment (Pre-Jan 29, 2025).
- **Vector:** Misconfiguration leading to a publicly accessible ClickHouse database.
- **Details:** Attackers (or researchers) assessed DeepSeek’s internet-facing subdomains and found the open port leading to the database.
### Lateral Movement
- *Not explicitly detailed.* The primary issue was direct read access to an exposed database, not necessarily internal network exploitation. The public access allowed for potential privilege escalation attacks against the database itself.
### Data Exfiltration/Impact
- **Data Exposed:** Chat history, backend data, log streams, API Secrets, and operational details.
### Detection & Response
- **Detection:** Discovered by Wiz Research on or before January 29, 2025, during vulnerability assessment.
- **Response Actions:** DeepSeek locked down the public database access following notification from Wiz Research.
## Attack Methodology
- **Initial Access:** Exploitation of a misconfigured, internet-facing ClickHouse database (Port/Service exposure).
- **Persistence:** Not applicable/Not reached.
- **Privilege Escalation:** The public accessibility of the database presented potential paths for privilege escalation against the database system.
- **Defense Evasion:** Not applicable/Not reached.
- **Credential Access:** API Secrets were found exposed within the database.
- **Discovery:** Initial reconnaissance focused on internet-facing subdomains and open ports.
- **Lateral Movement:** Not detailed.
- **Collection:** Direct reading of database contents.
- **Exfiltration:** Data was accessible for exfiltration (though the extent of actual exfiltration by malicious actors is unknown, the potential existed).
- **Impact:** Unauthorized exposure of sensitive operational and user data.
## Impact Assessment
- **Financial:** No financial impact disclosed.
- **Data Breach:** Chat history, backend data, log streams, and API secrets were exposed to anyone scanning the internet.
- **Operational:** Potential risk to the integrity and confidentiality of the AI platform operations.
- **Reputational:** The incident highlights security risks associated with rapidly scaling generative AI projects.
## Indicators of Compromise
- **Network indicators (Defanged):** Open ClickHouse database running on an exposed public IP/subdomain of DeepSeek infrastructure.
- **File indicators:** Exposure of API Secrets.
- **Behavioral indicators:** Unauthorized read attempts or access logs related to the specific ClickHouse instance.
## Response Actions
- **Containment:** Public access to the ClickHouse database was locked down by DeepSeek upon notification.
- **Eradication:** Not detailed; it is assumed that the necessary steps were taken on the database server itself.
- **Recovery:** No details provided on post-incident recovery timelines.
## Lessons Learned
- **Key Takeaways:** Rapid scaling of infrastructure (especially for emerging technologies like Generative AI) must be paired with rigorous and immediate security checks on public-facing assets. Misconfigurations, such as leaving administrative or data stores open to the public internet, pose significant and immediate risks.
- **What could have been done better:** Stringent configuration management and continuous cloud security posture management (CSPM) to keep instances from being exposed publicly.
## Recommendations
- Implement automated scanning tools (like those used by Wiz Research) to continuously monitor internet-facing assets for exposed databases or sensitive services.
- Enforce a principle of least privilege internally, ensuring that even if a database is exposed, access to sensitive data subsets (like chat history or secrets) requires robust authentication and authorization.
- Conduct mandatory security reviews for newly deployed services, particularly those holding user interaction data or credentials (API secrets).
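
A configuration-side check for the first two recommendations, as an added example (not part of the original report and not Wiz Research's tooling): it audits a ClickHouse `config.xml` / `users.xml` pair for a wildcard `listen_host`, a user with no password, and a `::/0` network allowance. The sample configs and the `audit_clickhouse` helper are constructed for illustration, not DeepSeek's actual settings, and only password-based auth elements are checked.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Password-based auth elements in users.xml (LDAP/Kerberos/cert auth not checked here).
AUTH_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")

# Constructed sample configs for illustration; not DeepSeek's actual settings.
EXPOSED_CONFIG = """<clickhouse>
  <listen_host>0.0.0.0</listen_host>
  <http_port>8123</http_port>
  <tcp_port>9000</tcp_port>
</clickhouse>"""
EXPOSED_USERS = """<clickhouse><users><default>
  <password></password>
  <networks><ip>::/0</ip></networks>
</default></users></clickhouse>"""
HARDENED_CONFIG = """<clickhouse>
  <listen_host>127.0.0.1</listen_host>
  <http_port>8123</http_port>
</clickhouse>"""
HARDENED_USERS = """<clickhouse><users><app_reader>
  <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
  <networks><ip>10.0.0.0/8</ip></networks>
</app_reader></users></clickhouse>"""

def audit_clickhouse(config_xml, users_xml):
    """Return findings (strings) for one server's config.xml / users.xml pair."""
    findings = []
    cfg = ET.fromstring(config_xml)
    hosts = [(h.text or "").strip() for h in cfg.findall("listen_host")]
    if any(h in ("0.0.0.0", "::") for h in hosts):
        findings.append("listens on all interfaces")
        for tag in ("http_port", "tcp_port"):  # unencrypted HTTP and native ports
            port = cfg.findtext(tag)
            if port:
                findings.append(f"plaintext {tag} {port.strip()} exposed")
    for user in ET.fromstring(users_xml).find("users"):
        if not any((user.findtext(t) or "").strip() for t in AUTH_TAGS):
            findings.append(f"user {user.tag}: no password set")
        nets = [(n.text or "").strip() for n in user.findall("networks/ip")]
        if any(ipaddress.ip_network(n, strict=False).prefixlen == 0 for n in nets if n):
            findings.append(f"user {user.tag}: allowed from any address")
    return findings

if __name__ == "__main__":
    for name, pair in (("exposed", (EXPOSED_CONFIG, EXPOSED_USERS)),
                       ("hardened", (HARDENED_CONFIG, HARDENED_USERS))):
        print(name, audit_clickhouse(*pair) or "no findings")
```

Run against every deployed config in CI or a CSPM job, a non-empty result is a release blocker for any host with a public address.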