Jump to content
  • Sign Up
×
×
  • Create New...

DeepSeek API, chat log exposure a ‘rookie’ cyber error

Pelican Press

By Pelican Press,
in World News

 Share

Recommended Posts

  • Diamond Member
Pelican Press Warlord

Pelican Press 0

Posted
  • Diamond Member
Posted

This is the hidden content, please

DeepSeek API, chat log exposure a ‘rookie’ cyber error

Days after a significant cyber attack of unknown provenance caused significant disruption for users of emergent ******** generative artificial intelligence (GenAI) model

This is the hidden content, please
, persistent security issues continue to dog the fast-growing application, and reports are emerging of a fundamental lack of attention paid to basic cyber security measures at DeepSeek itself.

This is according to researcher Gal Nagli of

This is the hidden content, please
, a cloud security specialist, who on Wednesday 29 January published details of a publicly accessible DeepSeek database containing a trove of data, which he said enabled full control over database operations.

Nagli said he was motivated to assess DeepSeek’s external cyber security posture and identify possible vulnerabilities in light of the platform’s meteoric rise to global prominence.

“Within minutes, we found a publicly accessible ClickHouse database linked to DeepSeek, completely open and unauthenticated, exposing sensitive data. It was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000,” said Nagli.

“This database contained a significant volume of chat history, back-end data and sensitive information, including log streams, API secrets, and operational details.

“More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defence mechanism to the outside world,” he added.

Nagli found the exposed database through a standard mapping exercise of DeepSeek’s publicly accessible domains. He found about 30 internet-facing subdomains, most of which were benign, but on expanding his search beyond standard HTTP ports 80 and 443, he found two open ports, 8123 and 9000, associated with the vulnerable hosts.

Leveraging ClickHouse’s HTTP interface, he was then able to access a specific path that enabled direct execution of arbitrary SQL queries in a web browser; running a ‘show tables’ query returned the list of exposed datasets.

“This level of access posed a critical risk to DeepSeek’s own security and for its end-users. Not only could an attacker retrieve sensitive logs and actual plain text chat messages, but they could also potentially exfiltrate plain text passwords and local files along with propriety information directly from the server … depending on their ClickHouse configuration,” said Nagli.

Nagli informed DeepSeek of the exposed ClickHouse service through responsible disclosure channels, and Computer Weekly understands they have now been locked down.

ClickHouse is an open source database management tool used for processing, log storage and analytics – which was initially developed at Yandex in Russia, although it is now based in Silicon Valley.

William Wright, CEO of 

This is the hidden content, please
, a consultancy based in Scotland’s Western Isles, said the issues were highly concerning given DeepSeek was giving some of the world’s most well-established AI leaders a run for their money.

“Security must be a priority, but leaving a database like this exposed is a rookie mistake,” he said. “In the last week, DeepSeek has been thrust into the public eye, but the company is clearly now learning that not all publicity is good publicity.

“Having plain text conversations in a public-facing database could provide criminals with access to confidential information relating to businesses and individuals. Criminals could also exploit further commands to steal more information from users, which would put them at even greater risk.

“This is also one of the key reasons why organisations must run proactive assessments across their networks, so weaknesses can be identified and mitigated before they are exposed by researchers or threat actors,” said Wright.



This is the hidden content, please

#DeepSeek #API #chat #log #exposure #rookie #cyber #error

This is the hidden content, please

This is the hidden content, please

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Vote for the server

    To vote for this server you must login.

    Jim Carrey Flirting GIF

  • Recently Browsing   0 members

    • No registered users viewing this page.

Important Information

Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.

  I accept