DeepSeek Database Exposure: 1 Million Chat Logs Left Unsecured

China's hottest AI startup forgot to lock the database. 1 million+ chat logs, system prompts, and API keys—just sitting there. On the public internet. For weeks.

By They Didn\x27t Ask
DeepSeek Database Exposure: 1 Million Chat Logs Left Unsecured DeepSeek EXPOSURE LEVEL: CRITICAL. If you used DeepSeek, assume your conversations were accessible. In January 2025, security researchers discovered something remarkable: DeepSeek, China's rising AI darling, had left a ClickHouse database completely exposed to the internet. No password. No authentication. Just... Open. The Exposed Data What was inside? 1,000,000+ Chat Logs: Every conversation users had with DeepSeek's AI—unencrypted. System Prompts: The secret instructions that define the AI's behavior. API Keys: Access tokens for paying customers—ready for abuse. Backend Logs: Internal telemetry, error messages, debug data. For security researchers, this was a significant find. For DeepSeek users, it meant their most sensitive conversations were publicly accessible. The Timeline of Negligence Database Deployed: ~Late 2024 Discovered Exposed: January 2025 (Wiz Research) Time Left Open: Estimated 2-3 weeks minimum Users Notified: Not at the time of discovery 2026 Update: The Browser Extension Attack Just as the database scandal faded, January 2026 brought a new wave of attacks. Security firm OX Security found two popular Chrome extensions (claiming to "enhance" AI chats) that were silently exfiltrating DeepSeek and ChatGPT logs to a third-party server. Impact: 900,000+ Users Affected Data Stolen: Full conversation history, including code snippets, business plans, and personal medical queries. Response: Google removed the extensions, but the data is already out there. Global Fallout (Jan 2026) Governments aren't taking chances anymore: Netherlands: Banned DeepSeek usage for government employees within 72 hours of the new leak reports. Italy: Continues its strict blockade started in 2026. What Attackers Could Do With this access, a malicious actor could: Read Private Conversations: Including business secrets, personal confessions, anything shared with the AI. Hijack Accounts: Use leaked API keys to rack up charges or access other services. Poison the Model: Inject malicious data into training pipelines. Impersonate Users: Use conversation history for social engineering attacks. The Bigger Picture DeepSeek is positioned as China's answer to OpenAI. It's being integrated into enterprise systems, government workflows, and consumer products across Asia. And they left the front door wide open. When an AI startup moves fast and breaks things, the thing being broken can be your privacy.