DeepSeek Suffers Its First Big Data Breach, But Your Information Is Probably Safe

Upstart AI chatbot DeepSeek’s meteoric rise has been a double-edged sword. New York-based security firm Wiz Research discovered one of the China-based company’s databases exposed on the internet, containing heaps of private and sensitive data—but your data is likely just fine.

DeepSeek Leaves an Unsecured Database Online For Anyone to Find

On Wednesday, 29 January 2025, Wiz Research revealed it had stumbled upon a publicly accessible database belonging to DeepSeek, the Chinese-developed AI chatbot taking the world by storm.

Analysis of the database revealed a trove of DeepSeek’s internal data, including user chat history and backend data, as well as sensitive data such as “log streams, API Secrets, and operational details.” In addition, on accessing the DeepSeek database, the Wiz Research team gained full database control and was able to manipulate data, in turn allowing for a potential privilege escalation with DeepSeek itself.

The rapid adoption of AI services without corresponding security is inherently risky. This exposure underscores the fact that the immediate security risks for AI applications stem from the infrastructure and tools supporting them. While much of the attention around AI security is focused on futuristic threats, the real dangers often come from basic risks—like accidental external exposure of databases.

As per Reuters, DeepSeek fixed the exposed database rapidly.

DeepSeek’s Security and Privacy Issues Are a Risk For Its Users

The level of access to private DeepSeek data is a critical risk for its users. Despite DeepSeek’s stratospheric rise, there are numerous questions posed around its privacy and censorship issues and how these affect its AI output. Still, some people continue to use DeepSeek despite the privacy risks, and it’s not like ChatGPT, Claude, Gemini, and the other AI chatbots are privacy-protecting saints.

It also highlights the issues facing DeepSeek. After surging into the world’s gaze, the AI chatbot has been hit with several setbacks, including a wide-scale cyber-attack and temporarily suspending new accounts. In addition, security researchers at Kela Cyber found they could force DeepSeek to create dangerous malware and phishing campaigns while also exposing serious security flaws in its operations.

So, while DeepSeek is a fantastic open-source AI model, it’s a mixed bag for security, privacy, and its guardrails.